KUALA LUMPUR: Initial investigations showed that a “sophisticated” and “discreet” hacking method was used in the cyberattack against Prasarana Malaysia Bhd, says the Digital Ministry.

The ministry said its Personal Data Protection Commissioner’s Office had conducted initial investigations into the incident last year.

In a parliamentary written reply dated Feb 12, the ministry said Prasarana’s security system could not detect the unauthorised access due to the hacking method.

It said Prasarana has since beefed up its system security following the incident.

“Prasarana has given its full cooperation and all the required information throughout the investigation process,” it said.The ministry said investigations are still ongoing and the Commissioner’s Office will conduct further checks.

The ministry was responding to a question by Ahmad Fadhli Shaari (PN-Pasir Mas) on the findings of the investigations.

On Aug 25 last year, FalconFeeds.io, a threat intelligence platform, made a post on X claiming that Prasarana was hit by a cybersecurity incident. The platform alleged that a ransomware group had obtained 316GB of data and planned to publish it.

Prasarana, owner and operator of Malaysia’s rail services, including the LRT networks, KL Monorail and MRT lines, confirmed that a cybersecurity incident affected part of its internal systems.

The Commissioner’s Office was informed about the cyberattack on Aug 26. It then instructed Prasarana to issue a Data Breach Notification by Aug 29, which was complied with by the company.