TRANSPARENCY International Malaysia (TI-M) has expressed its concern over the lack of digital security for the personal data of Malaysians.
This is following news reports on May 17, 2022 that the official records of over 22 million Malaysians allegedly from the National Registration Department (JPN) have been offered for US$10,000 (RM43,000) online.
According to Lowyat.Net the data leak first appeared online on a “well-known database marketplace forum” with the information offered said to cover Malaysians born between 1940 and 2004.
The report said that the database contains fields such as the person’s name, IC number, address, date of birth, gender, race, religion, mobile number and Base54-based photo.
Home Affairs Minister Datuk Seri Hamzah Zainudin had denied that the data came from JPN and said that the Ministry will investigate the individuals behind the sale of personal data.
Meanwhile, Defence Minister Datuk Seri Hishammuddin Hussein said that the data leak would not be able to affect national security as his Ministry has systems in place to prevent such a situation.
He said that relevant intelligence agencies are prepared for any eventuality that could come from the breached data, although he did not clarify what specific mechanisms would prevent the data from being misused.
“Earlier this month we were served with media reports of a cybersecurity expert exposing personal data of the employees involved in the Public-Private Covid-19 Industrial Immunisation Programme (PIKAS) register operated by Ministry of International Trade and Industry (MITI),” TI-M said.
“Among the files found in there were spreadsheets that are the ones that companies were supposed to submit to MITI via the PIKAS system.
“The spreadsheets in question had the names, IC numbers, employee ID, age, gender and contact numbers of the staff of the said companies.”
On June 13, 2022 online news portal Soyacincau also shared news of an OpenSource Intelligence Tool (OSINT) website that is purportedly selling JPN and MySejahtera data online.
The users who had reported the OSINT to the media had shared that the data was available for purchase for as low as RM6.63 and offered accountholders the option to erase their details from the database for a price.
“Neither of these incidents are isolated or new. The media has been saturated with news of data leaks, risks to personal data protection and consequently, demands for answers from the government on how our data is being handled,” TI-M noted.
“The irony is our demands for transparency are responded with opacity and secrecy, whilst our personal data appears to be transparently available for picking.”
On Wednesday (June 29) the Home Affairs Ministry has announced that it is taking a firm measure by limiting only 44 government-related agencies to access Malaysians’ personal data in the JPN database.
“Is this action too late after the horses have bolted? [TI-M] urges the Government to allow the transparent disclosure of the progress of the police investigations into the previous data leak in May 2022 and identifying who are responsible for this crime.
“The rakyat must also be informed of the Government’s plan to prevent the sale of our data, and to safeguard our data from facing the same threat in the future.
“The silence is deafening. The government doesn’t seem to have the answers to such important questions being asked but is nevertheless answerable to the people for any failure to protect our data.” – July 1, 2022
