PETALING JAYA: Customer data that was allegedly stolen from Telekom Malaysia Bhd (TM) and being sold on the Internet is outdated and recycled, says the company.

TM said that it had started an immediate investigation after it received a ransom note claiming its customer database had been breached.

This follows The Star’s LifestyleTech report that the data, which consists of customer information, was being sold on a forum notorious for trading information obtained from data breaches.

“Our investigation revealed that the alleged materials are pre-processed, recycled and dated.

“Nonetheless, we are treating the situation with utmost seriousness and are dedicated to resolving this issue with high urgency. Therefore, we have engaged the relevant authorities and lodged a police report.

“TM is steadfast in continuously fortifying our cyberdefences and bolstering our resilience against such threats to ensure our customers’ data is secured and safe within our ecosystem,” it said in a statement.

LifestyleTech had earlier written that a user posted the stolen data on a forum on Jan 24 claiming that it contained nearly 200 million entries with “nearly 20 million effective user data (sic).”

The user also provided screenshots purporting to be the company’s customer database architecture documentation, with 161 pages outlining its structure, design, and functionality.

Samples of alleged customer data obtained from the breach – which includes details such as MyKad numbers, addresses, phone numbers, salary range, job, religious beliefs, and marital status – were also shared.

The user was offering to sell the data to TM first, claiming that it won’t be sold to others after that.