Malaysian bank employees sell client data at $1/name

Seriously. And for a bit more you can buy names, credit card details and even handphone numbers of senior business people, all stolen by bank employees and sold on the black market.

Sale offer of a particular database was advertised in a local newspaper, and all it took was one phone call to the advertiser to gain access to what was supposedly confidential data. According to a report by thestar online, Sunday Star responded to the advertisement for verification purposes. The "transaction" was successful, providing Sunday Star a list of 1,000 names with contact details. Aside from the client’s area of residence and phone number, other information such as type of credit card, issuing bank, and place of work were contained in the sold database.

The seller, although not elaborating how, said he obtained a total of one million contacts from local banks and could provide custom-made lists for buyers. Identity card numbers and birthdays were among the other confidential information provided for certain entries, added the seller. For RM100 or approximately US$28, a list of a thousand names with their corresponding data could be made available. A similar database, on the other hand, was sold and resold for more or less US$1 per entry—the original seller being someone from within the company.

Although there were mixed reactions from the people who were part of the list, banks regard information leaking as a very serious offense. Under Section 97 of the Banking and Financial Institutions Act 1989 (Bafia), offending parties could be subjected to punishment. Chuah Mei Lin, executive director of the Association of Banks in Malaysia (ABM), said, "Members of the public are encouraged to contact the Association via its ABMConnect in respect of any suspected breach of confidentiality on the part of its member banks."