U Mobile Data for 4 Million Users Resurfaces from 2014 Breach

What Happened

A threat actor posted a dataset for sale on the dark web, claiming it contained the personal information of 4 million U Mobile customers. The asking price was $5,000 in Bitcoin. The exposed data reportedly includes full names, addresses, Malaysian identity card (IC) numbers, phone numbers, and postal codes.

Impact

While the data is from an old incident, its re-emergence poses a renewed risk to affected individuals. The information can be exploited for identity theft, targeted phishing campaigns, and other social engineering schemes. The availability of IC numbers is particularly sensitive.

Response

U Mobile promptly addressed the claims, stating the data originates from a previously disclosed breach that occurred in 2014. The company reassured its customers that there has been no new security compromise and that their current systems remain secure. They emphasized their commitment to protecting customer data through robust security protocols.