Wednesday, January 24, 2018

Data Breach, Sekali Lagi


Hari ini, sekali lagi laporan berkenaan data breach dikeluarkan di Malay Mail dan NST Online. Di bawah merupakan laporan yang dipetik dari Malay Mail Online bertarikh 23 Januari 2018. Polis pula mengesyaki ianya dari sumber yang sama dengan kes kebocoran maklumat data telco. Seperti yang saya duga, kes tahun lepas ini bukan menjadi titik noktah kebocoran maklumat yang akan dilaporkan di media.

Adalah penting bagi pihak berkuasa melakukan tindakan untuk mendakwa mereka-mereka yang membocorkan data-data ini. Jika tidak, orang ramai akan risau tentang keselamatan rekod-rekod mereka yang disimpan oleh organisasi. Perkara sebegini bukanlah aneh di negara-negara lain, malah negara yang telah maju juga ada berlaku perkara sebegini.

Persoalan utama ialah adakah data ini dicuri dari luar organisasi atau ianya perbuatan orang dalam. Walau apa jua jawapannya, organisasi perlu lebih peka tentang keselamatan rekod dan data mereka. Terdapat pelbagai jenis guideline dan polisi untuk mengawal maklumat dari bocor, namun adakah organisasi 'practice' polisi ini dengan sebenar-benarnya atau sekadar melepaskan batuk di tangga. Pengurusan rekod yang sempurna meliputi juga aspek keselamatan rekod termasuk maklumat dan data dari dibocorkan. Jika kebocoran tetap berlaku, ini menunjukkan bahawa pengurusan rekod masih belum di tahap yang sepatutnya diamalkan. Lebih-lebih lagi jika ianya melibatkan organisasi besar.

Yet another data breach, personal details of over 200,000 local organ donors leakedored the original article on October 20 with MCMC’s approval.

KUALA LUMPUR, Jan 23 — The personal details of around 220,000 Malaysian organ donors and their next-of-kin have been leaked online since September 2016, tech forum Lowyat.net reported today.
This comes months after an earlier report by the same website claiming that the personal data of millions of Malaysians had been stolen and was being sold online.
“While the total number of records of this leak is nowhere near the massive amounts of data leaked in the mobile telco data breach that we reported back in October 2017, this leak contains one very serious implication where it reveals personal information of a nominated next-of-kin.
“This doubles up the actual number of records leaked to 440,000, and also links two individuals to each other in a binding relationship — whether it may be husband/wife, siblings or parental,” Lowyat.net said in its latest report.
The online forum said that the leaked files are updated up to August 31, 2016, and contain complete listings of a donor’s MyKad details, contact number, home address, organs which will be donated as well as the information pertaining to the next-of-kin.
Lowyat.net pointed out that the leaked data contains sign up data from government hospitals as well as the National Transplant Resource Centers across the country.
The online forum explained that this meant that said information was originally retrieved from a central database, and that the files were first uploaded online to a popular file sharing service on September 29, 2014.
“The data dump is divided into files, by year of sign up — from 1997 till 2016, however, for reasons we are not able to ascertain, all data from 1997 to 2008 is filled with auto generated dummy data, rendering them useless.
“The data dump from January 2009 to August 2016 however contains complete personal details of around 220,000 individuals who have signed up as organ donors, as well as personal details of their next of kin,” the report added.
What is alarming is that the file dump also includes an annual breakdown of demographic data of all organ pledgers by sex, race, origin, types of organs as well as age groups.
Lowyat.net said it has already alerted the Department of Personal Data Protection of the alleged data leak before the report was published.
The Malaysian Communications and Multimedia Commission (MCMC) has yet to comment on this leak at the time of writing.
In October, the MCMC had instructed the forum to take down the article on October 19 soon after it was published. The regulator later explained in a statement that the order to take down the report as a “preventive measure”.
Lowyat.net then restored the original article on October 20 with MCMC’s approval.

Read more at http://www.themalaymailonline.com/malaysia/article/yet-another-data-breach-personal-details-of-over-200000-local-organ-donors#qk1ZDqWkbbtfuXgw.99

Tuesday, January 02, 2018

Surely A Fun SURE 2017 Day






Entri pertama 2018 berkisar mengenai kisah 2017. Pada 1 dan 2 Disember 2017, program Pengurusan Rekod Fakulti Pengurusan Maklumat UiTM Kampus Puncak Perdana telah menganjurkan SURE 2017 atau nama panjangnya Sukan Rekod. Tujuan utama SURE 2017 ini ialah untuk mengeratkan silaturrahim di antara semua Penasihat Akademik dan para pelajar.





Pelbagai acara sukaneka dijalankan pada 2 Disember 2017 bermula pagi sehingga tengahari. Program terlebih dahulu bermula pada malam 1 Disember 2017 di mana majlis pelancaran dan pengenalan kumpulan diadakan di Dewan Seminar UiTM Puncak Perdana.


Kumpulan dibahagikan mengikut Penasihat Akademik masing-masing dan tema superhero digunakan. Ada Kung Fu Panda, Superman, Batman, Flash, Iron Man dan banyak lagi. Kesemuanya ada 18 kumpulan yang bertanding.


Majlis penutup yang dijalankan pada tengahari turut disulami dengan penyampaian hadiah bukan sahaja kepada pemenang sukan tetapi juga kepada pemenang kategori akademik dan kepimpinan.

 Tahniah semua.