Ong: “MITI must explain PIKAS data leaks, steps taken to safeguard data security”

INTERNATIONAL Trade and Industry Ministry (MITI) must explain the data leak involving records from MITI’s public-private partnership COVID-19 industrial immunisation programme (PIKAS). 

Bangi DAP Ong Kian Ming said that MITI must also explain the steps that it is taking to safeguard the security of other data including the CIMS 3.0 database. 

In a statement, Ong urged the ministry to reach out to the companies whose employee data was listed in the Excel sheets that were publicly accessible so that the employees at these companies can be on alert if their personal data is being used by others. 

“As one of the frontline ministries in dealing with industries and companies, many of which operate at the international level, MITI must be fully transparent and present a full public explanation on this data breach so that it can continue to command the confidence of its stakeholders,” Ong remarked. 

Screenshot of files that were previously accessible on the PIKAS MITI website 

 

On Wednesday (June 1), IT and cybersecurity expert Dr Suresh Ramasamy said that he was alerted about the possible data leak on the PIKAS website.

He claimed to have discovered a PIKAS portal server which allowed him to access an open directory containing Excel files with employee details including MyKad or passport number, employee ID, age, gender and contact number. He claimed to have seen more than 2,000 files. 

Suresh then made a complaint to CyberSecurity Malaysia, which responded several days later saying that the case had been closed.

However, Ong – a former deputy minister at MITI – pointed out that this was not the first time Suresh had revealed some of the shortcomings of the ministry’s website.

“He had previously commented on some of the weaknesses of MITI’s COVID-19 Intelligent Management System (CIMS), the web portal that was used by companies to obtain a letter of approval from MITI in order to continue to operate during the various movement control orders (MCOs),” Ong explained. 

“MITI must clarify whether the IT security flaw was due to an error made by the IT department at the Malaysia Automotive, Robotics and IoT Institute (MARii), an agency under MITI in charge of developing and maintaining the CIMS. 

“MITI must also explain whether these IT breaches, possibly involving MARii, are due to the lack of leadership at this agency, especially after the removal of its CEO Datuk Madani Sahari, who was arrested and remanded by the Malaysian Anti-Corruption Commission (MACC), along with 8 others, in March 2022, over a project worth RM85 mil.” – June 3, 2022
