Why is Malaysia seeing a rise in data leaks, and what is the government doing to stop it?
- Experts recently discovered a website that offered access to a wide range of personal data. In April, personal data of 22.5 million Malaysians was leaked online
- The government has pointed to ‘the internet’, telco companies, financial institutions and other agencies as being the source of April’s leak
Malaysians were given a rude shock in April, following the revelation that the personal data of 22.5 million citizens ranging from their full names to identification numbers, home addresses, phone numbers and ID photos, were stolen from government servers and sold on the dark web for a reported price of just US$10,000.
Barely two months later, Malaysian computer security experts, or “white hat hackers” discovered a website on the conventional internet that offered access to a wide range of personal data of Malaysians.
By simply keying in a portion of a valid ID number, users could gain access to everything from names and addresses to voting constituencies and student loans, suggesting that data leaks were not confined to servers managed by the national registration department but also that of the election commission and financial agencies.
The now-defunct website offered more in-depth data for a price, and even offered to help flush personal information from the database for a US$99 fee.
The white hat hackers, who spoke on condition of anonymity due to the sensitivity of the matter, said the website was likely operated by Malaysians and have reported their findings to the authorities.
These were just two of the latest incidents of data security breaches faced by Malaysians, as the pandemic thrust the country on the path of accelerated digitisation over the past two years amid extended lockdowns and movement curbs that prompted a surge in remote working and e-commerce.
The government had been largely silent about the hacks, albeit for a couple of ministers dismissing concerns of lax data security.