An anonymous individual, who claims to be the source that leaked the Universiti Teknologi MARA (UiTM) data breach to tech portal Lowyat.net, is now threatening to leak the data on several sites if the university doesn’t upgrade its security system.

Only known as AA, the person reached out to The Star via email, and demands that UiTM implements Secure Sockets Layer (SSL) and TLS (Transport Layer Security) security certificates on seven portals linked to the university.

The portals are the iSTUDENT Portal System, iLearn V3 Login, Electronic Question Paper System, Portal I-Staf, PRISMa, iRMIs and UiTM Consultancy Unit website.

The demand, pasted on Pastebin on Jan 29, says if UiTM doesn’t comply by Feb 4, the person will leak 100,000 student records a day on Facebook, Twitter, Instagram, Pastebin,  Telegram and WhatsApp.

On Jan 25 it was reported that the records of 1,164,540 students and alumni enrolled between 2000 and 2018 has been leaked.

The leaked student records include details like students’ names, MyKad numbers, house addresses, email addresses, campus codes, campus names, programme codes, course levels, student IDs and mobile numbers.

“It would take a basic idiot one day to implement this security measure across all the sites,” claimed AA.

The individual claimed that UiTM has failed to implement basic security measure for its online systems, describing its English Evaluation Test (EET) system as a “security nightmare” which could easily be bypassed by anyone with basic Javascript knowledge.

“The greatest disappointment is, of course, your failure to disclose the fact that there was in fact a data breach, and that millions of data have been leaked. You have decided to cover up the fact, when you should have announced it long before,” claimed AA.

A UiTM spokesperson said the university is looking into the demand.

UiTM vice-chancellor Emeritus Prof Datuk Dr Hassan Said has since denied that the university’s system was hacked, saying screenshots of the leaked data doesn’t match the formatting of UiTM’s internal systems.

“This shows that the information has been edited or manipulated by irresponsible parties, and proves that the information is not the gleaned from a hack of UiTM’s systems,” he said in a press statement last week.