Maxis Berhad, a Malaysian mobile operator, is investigating an alleged cybersecurity incident after hacker group R00TK1T claimed to have breached its infrastructure and threatened to expose a "treasure trove of customer data."
Maxis stated that it is working with the third-party vendor to further investigate the issue and has already informed the appropriate authorities.
The R00TK1T group, which is known for sophisticated cyber intrusions and software exploits against government organizations and private sectors, claimed earlier today that they had gained access to Maxis' backend system. It threatened to release customer data obtained during the alleged attack, exposing vulnerabilities in the telco's security systems.
Maxis is the latest victim since R00TK1T warned that Malaysia would be their next target of attack. The group claims to have breached Aminia— a Malaysian network solutions and system integrator. It has also defaced and hacked YouTutor, a local tutoring course website, and stolen a database containing 1,886 lines of user data.
The company said, “We did not identify anything related to our systems but have found a suspected incident involving unauthorized access to a system belonging to one of our third-party vendors that reside outside of Maxis’ internal network environment.”
Privacy and Security at the Forefront
The company stated that it will implement additional defense measures to reduce future risk. This step is critical to protect the sensitive customer data held by the Malaysian mobile operator, including personal and financial information. Strengthening defense measures not only safeguards customer privacy but also ensures compliance with stringent regulations, thereby mitigating the risk of legal penalties and reputational damage.
“Our customers’ privacy and security are of the utmost importance to us, and our ongoing priority is a thorough assessment and containment,” the company added.
Moreover, enhancing defense measures helps Maxis Berhad mitigate the financial impact associated with cybersecurity breaches. The company can reduce expenses related to incident investigation, customer notification, and security upgrades, while also minimizing potential revenue losses and market value depreciation.
