Home banner 232b2dcc ff75 4255 8873 2001ab52baca


What can someone do with your name, MyKad number, address and phone number?

over 3 years ago Mikaela A





This article is for general informational purposes only and is not meant to be used or construed as legal advice in any manner whatsoever. All articles have been scrutinized by a practicing lawyer to ensure accuracy.



Almost all of us have shopped online. When we shop, we easily give our name, address and contact number to the seller. Then when the item is delivered to us, the abang Poslaju takes down our IC numbers before handing us the package. And lately with Covid-19 around, we’ve been asked to give our particulars to shops, restaurants and other premises before entering them.

Having all this personal information known by others is inevitable and for the most part, it may seem like a harmless thing. But the trouble starts when those handling this information misuse it. And sadly, this happens quite often. You might remember this massive data breach that was reported in 2017, where 46.2 million Malaysian mobile phone numbers were leaked, or when 30 million Malindo Airlines customers’ information was breached in early 2020.

Besides having their information breached by others, some Malaysians may have also received scam calls and accidentally given out their name or IC number to the caller. So the question is, if someone has your name, IC number, address and phone number, what can they do with that information...and what can YOU do if this info has gone to the wrong hands?


Your information can be used for...anything

Image from GIPHY

There’s actually no fixed list of what people can do with your information once they have it. We’ve written several articles to illustrate this better and how the law may be able to help in certain situations, which you can read here:

[READ MORECan security guards keep your MyKad or driving license?]

[READ MOREHow do I use the Malaysian PDPA to stop telemarketers from calling me?]

[READ MORECan friends "refer" your contact to companies without your permission in Malaysia?]

Now if someone has your IC number, they can look you up on the electoral (voter) roll, or even see if you’re receiving government aid such as Bantuan Prihatin Nasional. Back in the day, all you needed was someone’s name and you could look up their phone number in the Malaysian Yellow Pages. In current times, it’s possible to reverse search someone using their number with apps like TrueCaller.

Even businesses like banks and online shopping platforms can at any time access all the info you provided them with when you first signed up. And with this, they may be able to see all your spending history, and your contact information can be passed down to telemarketers and salespeople. get the idea—it’s impossible to list every single thing someone can do with your information. While these things cannot be fully prevented, there is still a silver lining here. One, it’s impossible for someone to empty your bank account or steal your identity with just a single piece of information. They also won’t be able to sign you up for things or make you a guarantor because you would need to be physically present for these. Secondly, the law can penalize those who release or steal your personal information.


Companies are legally required to keep your info safe

Image from Apple Support

You should note that there are actually no blanket laws to prevent all types of data breach in Malaysia...but there is one that requires businesses to keep your personal info safe. This Act, known as the Personal Data Protection Act (PDPA) 2010 only applies to commercial transactions. It covers businesses such as telcos, email service providers and any other business that takes personal info from consumers. Section 103 of that Act says:

(1) A person shall not knowingly or recklessly, without the consent of the data user—
(a) collect or disclose personal data that is held by the data user; or
(b) procure the disclosure to another person of personal data that is held by the data user.

According to the Act, personal data is defined as information that makes it possible for a person to be identified, or identifiable. This can include things such as your name, address and number, or even a specific description that fits only you. So, businesses are allowed to store personal info, but they will be penalized if any of that info is leaked. Section 130 also goes on to say:

(7) A person who commits an offence under this section shall, upon conviction, be liable to a fine not exceeding five hundred thousand ringgit or to imprisonment for a term not exceeding three years or to both

Take note that there are instances where businesses CAN give out your information, such as when the court or a Minister requires it...or you yourself agreed to it when accepting the terms and conditions of using that business’ services.

But if your data was leaked without your consent and not for legal reasons, you can file a complaint with the Personal Data Protection Commissioner who is under the Ministry of Communications and Multimedia. This Commissioner is in charge of investigating crimes pertaining to user data. However, as we said, the PDPA only applies to commercial transactions/companies. So what can you do if your info landed in the hands of someone who can’t be charged under the PDPA?


Make a report if you feel your data has been leaked

Image from Borneo Today

If the PDPA doesn’t apply to your case, the next best thing to do would be to file a report with PDRM. To reiterate, outside of the PDPA, PDRM won’t be able to charge anyone for breaching your data. However, those people can be charged for what they do using your data. So some examples of this would be scam calls where your money is stolen and identity theft, where someone else uses your information pretending to be you.

As we said, it’s impossible to fully prevent your information from being taken by irresponsible parties. But where possible, it’s best to be vigilant. So be wary of unknown numbers pretending to be a police or court officer, and make sure to read through the T&C of a service before using it.

personal data protection act
data breach
personal information
info leak
691b2141 a707 421f 8f92 2bc2c1a7f386
Mikaela A

Don't talk to me until I've had my Milo





3119b4ae 88e4 442c b6b2 c8d68553872e