Specifically, the thread claimed that a Google Sheet document link made available by the IPTA contained the personal information of 11,891 applicants of its foundation programme. Shortly after this was posted, UiTM replied to it saying that it was aware of the issue and asked the poster to contact it with more information.
Screenshots inside 🔻 — Here we go again. (@imraimy) May 9, 2023 About an hour after that, the university confirmed that the link had been disabled and that the document had been updated. Its Communication Department stated to The Vibes that while it wasn’t displayed on the university’s portal, those with access to the link were able to view the private details of other applicants while it was still active. Moreover, UiTM said at the time that it was in the midst of tracing the ‘webmaster’ (owner) of the document to ask for the link to be disabled. This disorganisation is possibly why it took the university a couple of hours to fix the issue after being made aware of it. Some users on the site noted that the university’s error might possibly violate the Personal Data Protection Act 2010 (PDPA) by broadcasting personal information. The penalty for offences includes a fine of between RM100,000 to RM500,00 and/or between one to three years of imprisonment. This isn’t the first time that UiTM had fumbled over data protection and it’s certainly not the worst. Back in 2019, the public university suffered a data breach that affected over a million students and alumni who were enrolled between 2000 and 2018. The leaked information contained people’s names, student IDs, IC numbers, home addresses, email addresses, campus information, programme information, and phone numbers. (Sources: @imraimy/Twitter, The Vibes)