University Loses Information on over One Million Student and Alumni

2019, Breaches, January

Who: Universiti Teknologi Mara (UiTM)

No. of Accounts Breached: A total of 1,164,540 records

What was affected: Records, belonging to students who enrolled for various courses at Universiti Teknologi Mara (UiTM) between 2000 and 2018 When it happened: January 29, 2019

How it happened: An anonymous individual, who claims to be the source that leaked the Universiti Teknologi MARA (UiTM) data breach to tech portal Lowyat.net, is now threatening to leak the data on several sites if the university doesn’t upgrade its security system. Only known as AA, the person reached out to The Star via email and demands that UiTM implements Secure Sockets Layer (SSL) and TLS (Transport Layer Security) security certificates on seven portals linked to the university.

The portals are the iSTUDENT Portal System, iLearn V3 Login, Electronic Question Paper System, Portal I-Staf, PRISMa, iRMIs, and UiTM Consultancy Unit website. The demand, pasted on Pastebin on Jan 29, says if UiTM doesn’t comply by Feb 4, the person will leak 100,000 student records a day on Facebook, Twitter, Instagram, Pastebin, Telegram and WhatsApp.

Outcome: A UiTM spokesperson said the university is looking into the demand. UiTM vice-chancellor Emeritus Prof Datuk Dr. Hassan Said has since denied that the university’s system was hacked, saying screenshots of the leaked data doesn’t match the formatting of UiTM’s internal systems. “This shows that the information has been edited or manipulated by irresponsible parties, and proves that the information is not the gleaned from a hack of UiTM’s systems,” he said in a press statement last week.