A scam out of Jitra

THUS far, I've had three friends relate their stories of a new scam coming out of Jitra, Kedah. A person claiming to be an officer of the court had called them on different occasions to say they have a pending court case over credit cards issued by a large bank.

The scammer had the phone numbers of my friends and their mailing address. And he had asked them to provide more details. Of course, the three people were not gullible enough to respond and reveal information about themselves.

However, there are gullible Malaysians who would have fallen for the ploy and revealed confidential information.

With the recent case of a massive data leak such scams will continue. At the time of writing this column, only one telecommunications company, Celcom, has issued a public statement acknowledging the leak.

Every other telco has been silent. My understanding of the case is that data has been handed over to scammers, marketers and even the odd pollster or two. So far, Malaysians have only been informed that this matter is under investigation by the Malaysian Communications and Multimedia Commission (MCMC).

I have been told that investigating such a leak will be difficult since it occurred some years ago. And yet somehow, consumers did not notice this, the authorities didn't investigate back then, and the companies holding our private data did not file any reports.

Private data security needs to be re-examined and those holding our private data need to be held accountable with harsh penalties for errant parties, especially when data is revealed without the consent of their customers.

We need to re-examine how this data was somehow intercepted and sold. Frankly, it is disappointing to note that perhaps investigations won't amount to much.

So, what should Malaysians do? What are the steps we need to take to prevent scams by those with our private data in their hands?

I can only think of one way – and that is a massive change of phone numbers by all telcos to renew their contact details. This needs to be done by all telcos simultaneously. And the telcos must bear the cost since they let the cat of the bag.

Banks need to work with the telcos to inform customers of scams using leaked data.

Did we somehow miss a line of fine print in service and end user agreements which absolves all of them from being held accountable for leaks of our private data?

International technology and telecommunication companies require the strict protection of private data to be part of their services. So, are we setting the bar too low for our companies?

Employment search company Jobstreet has issued a notice that their data has been hacked. Similarly, LinkedIn went through this phase a couple of years ago. Both companies were transparent about their leaks and went about asking users to assist in ensuring data privacy and security.

We still don't have our telcos offering to do the same.
I ask Malaysians a simple question. How much do we care about our private data being in the hands of others? Should they be responsible for keeping that data safe? Should those found guilty of leaking private data face harsh penalties?

Hafidz Baharom is a public relations practitioner. Comments: letters@thesundaily.com