PETALING JAYA: Telekom Malaysia has confirmed that a data breach, which it became aware of on Dec 28, affects its Unifi Mobile users, both individual customers and small and medium-sized enterprises (SMEs).

In a statement to LifestyleTech, the company said that its investigations revealed that 250,284 accounts were affected, exposing customers' names, phone numbers, and emails.

The company claimed that no other information was revealed.

"TM confirms that the breach has been contained and has taken steps to minimise the potential impact to these 250,248 customers," it said, adding that affected customers have been notified.

The company also said that customers did not experience service disruptions during the incident.

Intrusion analyst Adnan Mohd Shukor tweeted about the database today (Dec 30). He later deleted the post, claiming that he received an "official request" via email for its removal.

The seller, who posted on a popular data breach forum on Dec 24, claimed that it contains over 2.7 million data entries for the price of US$850 (RM3,750).

According to the uploader, only a single copy of the data will be sold, and it will also include "admin access", with no further explanation given.

It also included a sample of 100 data entries.

Based on the sample, the database contained full names, phone numbers, email addresses, payment methods, and amounts paid, along with transaction IDs and receipt numbers.

"TM is closely monitoring the situation and is conducting additional assessments. We advise customers to take extra precautions when receiving communications from unknown parties, as well as to secure their online information at all times," it said.

TM has also reported the matter to the National Cyber Coordination and Command Centre (NC4), the Department of Privacy and Data Protection (JPDP), and the Malaysian Communications and Multimedia Commission (MCMC).