‘Curb data leaks with heavier penalties’


PETALING JAYA: With cybersecurity threats and data leaks becoming the norm today, so too have calls for accountability towards all parties when it comes to the protection of data.

CEO and founder of cybersecurity firm LGMS Bhd, Fong Choong Fook, believes that cybersecurity incidents will remain an ongoing issue until more severe penalties are put in place.

“There should be a review of the Personal Data Protection Act 2010 (PDPA) to further extend the coverage of the Act and impose a more severe penalty from a legal perspective, on both private organisations and government agencies responsible for data leaks.

“Otherwise, every now and then the negligence of government agencies could cause data leaks,” he said.

In the latest incident, the personal data of over 802,259 Malaysians, allegedly siphoned from the MySPR Daftar website, is being sold on an online forum for US$2,000 (RM9,240), to be paid in bitcoin or monero cryptocurrency.

The seller claimed that the Election Commission database includes selfies and MyKad photos that were provided for online voting registration on its MySPR Daftar website through the electronic Know Your Customer system.

The database is alleged to contain over 1.6 million photos, with a file size of 67GB.

The uploader claimed that the database also contains the full names, MyKad numbers, email addresses, hashed passwords, phone numbers, birth dates and addresses of voters.

Though the post was first made back on April 11, its existence was highlighted by Twitter user @acaiijawe on Wednesday.

In another post, the uploader is selling the personal data belonging to 22.5 million Malaysians born between 1940 and 2004, allegedly obtained from the My Identity API.

The MySPR Daftar website was launched back in 2019. It allowed Malaysians to register as voters online, though with the shift to automatic registration this year, the MySPR system now only functions for changing voting addresses and the application for postal voting for those overseas and other eligible individuals.

Both threads made by the uploader are still up on the forum.Fong also urged for more transparency in the investigation of cybersecurity incidents such as this.

“We have so many prevention and detection technologies in place, but there is no transparency in the investigation or outcome, so we do not know what the root causes are.

“But one thing is for sure, we know that the government is not doing enough, which is why we are continuously seeing cyberattacks impacting the public sector.

“I think the government needs to review who it’s engaging as security advisers and their security capabilities. We need to set a higher standard,” he added.

Bar Council co-chair of the intellectual property committee, Foong Cheng Leong, concurred, saying that such incidents have happened many times but nothing substantial has been done by the government to secure people’s data.

“Given the poor security measures by the government, the public should not volunteer so much information to them.

“The public must also demand an explanation from SPR and that it discloses full details of the investigation. Authorities have to re-look their security practices, including the online verification process,” said Foong.

The Personal Data Protection Department declined to comment, saying that the PDPA (Act 709) doesn’t apply to state and federal government bodies.

The Act, it said, is for regulating the processing of personal information in commercial transactions.

CyberSecurity Malaysia also declined to comment while the Malaysian Communications and Multimedia Commission has yet to respond as of press time.

Get 20% OFF The Star Digital Access

Monthly Plan

RM 13.90/month

RM 11.12/month

Billed as RM 11.12 for the 1st month, RM 13.90 thereafter.

Best Value

Annual Plan

RM 12.33/month

RM 9.87/month

Billed as RM 118.40 for the 1st year, RM 148 thereafter.

Follow us on our official WhatsApp channel for breaking news alerts and key updates!

Next In Nation

PTPTN’s Prime Bonanza Draw offers nearly RM500,000 in prizes
Negri polls: PKR submits list of candidates to top leadership
Johor polls: PH's Guna aims to fix infrastructure issues, bring more jobs to Layang-Layang
Onn Hafiz rubbishes claims of Johor's unbalanced development, forced migrations
Semantan Estate fails to postpone Duta Enclave land compensation assessment proceedings
Malaysia targeting rocket production in two years, missiles next, says Khaled
Retiree loses over RM914,000 to fake 'AI-powered' investment scheme
Pahang cops seize over RM700,000 worth of drugs in Bentong
Thin wire identified as cause of minor explosion LRT Kelana Jaya line
Cops to propose tougher penalties for driving under influence offences

Others Also Read