Universiti Teknologi Mara (UiTM) is a university that has once again experienced a major leak of personal data. A Twitter user claimed that UiTM had shared an insecure link containing the NRIC numbers and emails of nearly 12,000 applicants. The link was in the form of a Google Sheet document and included the personal information of 11,891 applicants to UiTM’s foundation program. UiTM acknowledged the issue in a response to the tweet and requested more information from the user who posted it.
About an hour later, UiTM confirmed that the link had been deactivated and the document had been updated. UiTM’s Communication Department mentioned that although the link was not displayed on the university’s official portal, those who had the link could see other applicants’ private information. UiTM stated that they were trying to find the document’s owner to disable the link, but the process took a few hours, possibly due to disorganization.
Some users pointed out that UiTM’s mistake might have violated the Personal Data Protection Act 2010 (PDPA) by exposing personal information, which could lead to penalties such as fines or imprisonment. This is not the first time UiTM has had issues with data protection. In 2019, the university experienced a data breach that affected over a million students and alumni enrolled between 2000 and 2018. The leaked information included names, student IDs, IC numbers, addresses, emails, campus details, program information, and phone numbers.