Cybersecurity experts have weighed in on how a trove of leaked personal data from telecommunications companies (telcos) could have been kept secure even after it was stolen.

Details of the theft, said to be the biggest in the country, are still unclear but is believed to be linked to the Malaysian Communications and Multimedia Commission's (MCMC) Public Cellular Blocking Service (PCBS).

Previously, inspector-general of police Mohamad Fuzi Harun had said it was possible that the breach “occurred after staff from a company tasked with transferring the data took advantage of the situation."

Lowyat.net founder Vijandren Ramadass, whose tech portal first exposed the leak, told Malaysiakini that there were traces that the files had been transferred electronically through cloud storage service Dropbox...