Cops to look into alleged data leak

KUALA LUMPUR: Everyone is a suspect for now, say the police on a purported database leak of personal information of four million Malaysians that is for sale online.

And the police are looking at the possibility of the leak being an inside job.

“We received a report yesterday (Monday) from the National Registration Department (NRD) deputy director in Putrajaya,” said Bukit Aman Commercial Crime Investigation Department (CCID) director Comm Datuk Mohd Kamarudin Md Din.

“From there, we will work backwards to identify where the leak is.

“We will also compare the leaked data to our own database to verify if the information is legitimate,” he said.

The availability of the database was made public on Twitter by Adnan Mohd Shukor, an intrusion analyst, who also shared a screenshot of the database being sold online for 0.2 BTC (RM35,350).

The 31.8GB file purportedly contains names, email addresses, mobile numbers and addresses grouped by birth year from 1979 to 1998.

It was claimed that the data was harvested from the NRD through the MyIdentity application programming interface (API).

MyIdentity is a centralised data-sharing platform that is used by various government agencies. However, the MyIdentity website – which was set up in 2012 – is no longer accessible.

At a press conference in the Jinjang police station, Comm Mohd Kamarudin said that the police do not deny the possibility of an inside job.

“We have to determine our course of action. This data belongs to us and if it goes out there, scammers will profit,” he said, adding that the police are taking the matter seriously as the leak could also lead to more scams.

The Inland Revenue Board (IRB) has denied an online report claiming that the data leak originates from its website through the MyIdentity API.

In a statement, IRB said it is only a user of the service and does not own the MyIdentity system which is under the purview of the NRD.

“An internal investigation was conducted and no data or information leak was found,” it said.

IRB said it is currently cooperating with the NRD, the National Cyber Security Agency (Nasca) and the National Security Council to investigate the allegations.

Adnan said he had informed the relevant parties about the database before going public on Twitter.

He has been on the lookout for the database, as it has been talked about by a number of online sellers for the past few months.

“I have a crawler running to monitor a few specific keywords. I got an alert on Monday morning and found this posting in a marketplace for database breaches and leaks,” Adnan said in a phone interview.

“This is not the first time that such a database with details from NRD has leaked onto this marketplace.

“I believe this database is likely to be legitimate as I have sources who have said they have discovered similar findings,” he claimed.

“I’ve reported previous findings before and felt that there was no progress. Instead, I got some disappointing responses.

“They were more concerned about how I found the database. As this is now public, I hope to see things change,” he said.

Article type: metered
User Type: anonymous web
User Status:
Campaign ID: 46
Cxense type: free
User access status: 3
Join our Telegram channel to get our Evening Alerts and breaking news highlights

Next In Nation

Melaka polls: Multi-cornered fights, Umno-Bersatu clashes expected, say analysts
Covid-19: Health Ministry wants to meet and engage anti-vaccine groups directly
Sabah's immunisation programme to go on despite closure of some PPV, says Shahelmey
Sunway Malls unveils its e-commerce platform
One killed, two injured after motorcycles crash on Lekas Highway
Court of Appeal allows return of Najib's passport so he can visit daughter in Singapore
Man travelling to Selangor arrested in Perak with 60kg of ketum leaves
Melaka goes to the polls on Nov 20
Ipoh Magistrate's Court sets Nov 26 for mention of murder case involving security guard
Covid-19: Almost 90% of students aged 12-17 have received at least one dose of vaccine

Others Also Read