Now, the public university is in the limelight again for the same reasons. On 9 May, Twitter user @imraimy posted that UiTM had published a list of nearly 12k MyKad numbers and emails of applicants on an unsecured link. According to the user, who seemed to be a student from the university said that “It’s their way of letting candidates check their particulars using the browser search function from a Google sheet.
— Here we go again. (@imraimy) May 9, 2023
In the thread, they shared screenshots of the list with the personal details blurred out and mentioned that the particulars of a total of 11891 individuals were included on the list.
11891 records to be exact pic.twitter.com/jEvh2RBn9l
— Here we go again. (@imraimy) May 9, 2023
A user tagged the Twitter page of the Ministry of Communications and Digital, questioning if it was a violation of the Personal Data Protection Act 2010 (Act 709). As of March 2023, Deputy Minister Teo Ni Ching had said that so far, seven cases have been charged in court under Section 5, Act 709 with total compounds amounting to RM200,000 and eight cases under Section 16, with compounds totaling RM81,000.
@kkd_gov adakah ini pelanggaran Akta 709 yang dilakukan oleh UiTM
— Bulakekomo (@MohdKkmm) May 9, 2023
Secara semborono @uitmofficial mendedahkan maklumat peribadi!
Another slammed the UiTM for the issue saying that scammers pay to get this valuable info but it was released by mistake by the university.
Wow..scammers pay to get this valuable info..now we have 11k data on the loose.. what a mess @uitmofficial
— ConcernedCitizen (@ConcernedMsia) May 9, 2023
One user said that there were only two reasons for data breaches, which was either that there were security issues or that someone on the inside had been bribed to sell the data.
Data breach ni puncanya ada dua je, samada security ataupun orang yang tak bertanggungjawab(diupah bayaran untuk jual database).
— Mustaffa (@dylan_mustaffa) May 11, 2023
The official Twitter page of UiTM later replied to the thread asking the user to DM them further about the issue. They later followed up with another Tweet saying, “We apologise for the mistake” and updated that the link to the list had been deactivated and an update had been made.
Kemaskini: Pautan kepada senarai tersebut tidak lagi aktif dan kemaskini telah dilakukan.
— UiTM Official (@uitmofficial) May 9, 2023
Pihak UiTM mohon maaf di atas kesilapan yang berlaku. Terima kasih.
Back in 2021 in the US, a ransomware gang started leaking the private data of universities in Colorado and Miami, to attempt to coerce them to pay the ransom to stop the leaks and to delete the stolen data.
Image credit: facebook.com/uitmcmrasmi/, @imraimy