Former Malaysia call centre team lead reportedly jailed for selling Singtel customer data to loansharks

According to Channel NewsAsia (CNA), Mohamad Maher Muhaffel, a Syrian national who was a team leader at a Malaysian call centre handling technical support for Singtel customers, has recently been found to be guilty of leaking information of more than 1,000 business accounts of licensed moneylenders to loansharks. He has been jailed for leaking information such as bills, company names, and landline numbers, said the CNA report. These were then used to carry out loan-sharking activities.

From 2017 to 2019, Maher reportedly conducted 1,130 screenings of business accounts belonging to licensed moneylenders and pawn shops, despite his job scope not involving such searches. Maher, who worked at Sudong, a subsidiary of Singtel located at Klang Call Centre in Selangor, Malaysia, led a team of 16 customer care officers, and had access to the IT systems in the company, including those that contained billing details of Singtel customers. 

Maher was said to have colluded with Pakistani national Adnan Ahmed Siddiqui, a former technical support employee who worked at Sudong as well. Maher was said to retrieve customer bills according to company names, Singtel account numbers and landline numbers Adnan asked for, and Adnan would then share the details with the loan shark. Adnan was previously jailed in August 2020. 

This is not the first time Singtel customer data has been sold to loansharks. Late last year, one of Singtel's assistant manager, Filipino Pleo Sherwin Cubos, was jailed and fined after he shared details of six Singtel customers with a loan shark. According to The Straits Times, Cubos screened the records of 27 customers on Singtel's system even though he was not authorised to do so, and shared the necessary information to settle his debts with the loan shark. 

Earlier in last year, Singtel also saw a data leak of personal information of about 129,000 customers containing NRIC and some combination of the following information: name, date of birth, mobile number, address. After investigations, the telco established which files on the Accellion FTA system were accessed illegally. On top of personal information, 23 enterprises were also impacted, including suppliers, partners and corporate customers. Additionally, bank account details of 28 former Singtel employees and credit card details of 45 staff of a corporate customer with Singtel mobile lines were also leaked. According to Singtel then, a large part of the leaked data includes the telco's internal information that is non-sensitive such as data logs, test data, reports and emails. The telco also said it notified all affected individuals and enterprises to help them and their staff manage the possible risks involved and take appropriate follow-up action.

Last October, the Singapore government proposed to issue a fine of up to 10% of a company’s annual turnover in Singapore, or SG$1 million (whichever is higher), should a company be found guilty of a data breach. This came as the government sought to strengthen data protection standards and enforcement, and follows a slew of data breaches last year from companies such as ShopBack, Razer, RedDoorz, and Shopify.

Separately, Singapore Airlines also recently faced a data breach impacting approximately 580,000 of its KrisFlyer and PPS programme customers. The breach originated from an external air transport information technology company. In a statement to MARKETING-INTERACTIVE, a spokesperson from SIA said details such as membership number, tier status and membership names were revealed. Credit card information, passwords, travel itineraries, passport details and email addresses were however not compromised. 

MARKETING-INTERACTIVE's Content 360 Week is back from 6 to 8 April this year! Super charge your content production, distribution and monetisation strategies by learning from brands such as NBA Asia, P&G, Malaysia Airlines, and Marriott International, among others. Sign up today!

(Photo courtesy: 123RF)

Related Articles:
Analysis: PR rule book amidst a data breach
SIA's KrisFlyer and PPS club fall prey to data breach
COURTS slapped with SG$9,000 fine for data breach
Analysis: SG govt to fine brands caught in data breaches