KUALA LUMPUR – Universiti Teknologi Mara (UiTM) has confirmed that it is working on disabling an online link to a document containing the personal details of its potential students.
Although the link to the personal information is not displayed on the university's portal, it is unsecured, allowing those with access to the link to view private details of other applicants.
Speaking to The Vibes, a source from the local university’s Communication Department said efforts are underway to check which department is in charge of handling the Google Doc.
“The information is not displayed on our official website. We are trying to trace the ‘webmaster’ (owner) for the document to ask for the link to be disabled.
“This was truly an error on UiTM’s part. We have asked for the link to be taken down and we will check on the matter from time to time,” the source said.
They also noted that the document contains the full names, identification card (MyKad) numbers, and e-mail addresses of those selected for an interview to enter its foundation programme.
Earlier today, the nation’s largest higher education institute was on the receiving end of public ire when an account on Twitter alleged that the university had posted the private details of over 12,000 individuals vying for a spot in its foundation programme.
Sooo... Uitm just dropped a list of more than 10k NRIC numbers and emails of applicants as a plain unsecured link. It's their way of letting candidates check their particulars using the browser search function from a gsheet.
— Here we go again. (@imraimy) May 9, 2023
Screenshots inside ?
The tweet, posted by Twitter user @imraimy, claimed that applicants were provided with a “plain unsecured link” which led them to the document in question to check if their particulars were listed.
About an hour after the post was uploaded, UiTM’s official Twitter account replied to the post, saying: “Greetings. We are aware of this matter. Please directly message us with information on the matter. Thank you.”
The original post has since gained over 200 shares, with many commenters expressing their incredulity at how UiTM had ostensibly violated the Personal Data Protection Act 2010 (PDPA) by broadcasting personal information.
One user, @MaisarraAnuar, flagged the Malaysian Communications and Multimedia Commission (MCMC) and Communications and Digital Minister Fahmi Fadzil over the matter.
In response, MCMC’s official Twitter persona said that issues relating to misuse of personal data fall under the jurisdiction of the Personal Data Protection Department, adding: “You may submit your complaint to (the department) for their further action.”
This is not the first time UiTM is facing data protection issues. In 2019, the university said that it would probe claims that more than a million of its students’ personal details were leaked online.
This came after tech portal Lowyat.net reported that the records of 1,164,540 students, mainly those who enrolled between 2000 and 2018, were compromised.
Besides alleging that UiTM was aware of the breach but did not disclose the matter to the public, the portal said that the leaked data included details like student name, MyKad number, house and e-mail address as well as mobile numbers. – The Vibes, May 9, 2023