DAP chairman Lim Guan Eng has called on the relevant authorities to update the public on the latest regarding last month’s data breach that hit online payment service provider iPay88.
“To date, there is no progressive report on the probe carried out by the Malaysian Communications and Multimedia Commission (MCMC), the Personal Data Protection Department (PDPD) and CyberSecurity Malaysia (CSM),” Lim claimed in a statement today (Sept 5).
The former finance minister said since iPay88 has already confirmed that a cybersecurity incident had occurred that may have compromised consumer credit card data, Communications and Multimedia Minister Tan Sri Annuar Musa should specify what action he or the aforementioned agencies have taken so far.
“This data breach involves a matter of national security of our country’s finances that warrants serious attention,” Lim noted.
On Aug 11, iPay88, a payment company that offers e-commerce, retail, online banking and e-wallet solutions, acknowledged that a recent cybersecurity breach may have compromised the card data of its users.
The company said that it had initiated a probe on May 31, engaging experts to mitigate the matter, but did not specify when the security breach had happened.
iPay88 has since courted intense criticism for only making a public statement much later on and for not explaining when the security breach was detected and who was affected.
Following the announcement, Bank Negara Malaysia (BNM) assured the public that the nation’s payment system remains safe as the data breach originated from and was confined to iPay88’s payment card systems and did not involve vulnerabilities in the banks’ systems.
“Not reassured”
However, according to Lim, many bank depositors and customers are not reassured and remain “extremely nervous” about the protection, security and “integrity” of funds in their bank accounts.
“Further, no one knows what ‘vulnerabilities’ in the banking system BNM is referring to,” he added, pointing to many reported cases by the public of sudden and unaccounted-for disappearance of monies from their bank accounts.
The Bagan MP said confirmation by iPay88 that their customers’ card data might have been compromised after a cybersecurity incident does not help to generate public confidence.
To make matters worse, the extent of bank customers’ critical financial data that potentially leaked from the data breach remains unknown.
He also noted that the outcome of BNM’s forensic investigations into the matter has not been made public yet as well.
“The time has come for Annuar and BNM to uphold transparency and accountability by providing answers to ensure that the digitalisation of banking services is not jeopardised by the loss of public confidence following the data breach,” Lim said.
iPay88 has since been told to provide financial compensation to affected customers, while the Government has been urged to amend the Personal Data Protection Act 2010 (PDPA) to compel companies to notify the authorities immediately in the event of a data breach.
More than 100 million sets of personal data in Malaysia were compromised in the last five years, according to PKR lawmaker Fahmi Fadzil. – Sept 5, 2022
Main pic credit: Adobe Stock Photos
