Data of Malaysians born between 1940 and 2004 allegedly being sold for over RM40,000


The seller claimed that this is an expanded database compared to the one he sold in September last year, which was only up to 1998. — 123rf.com

PETALING JAYA: An alleged data leak containing the information of 22.5 million Malaysians born between 1940 and 2004, purportedly stolen from the National Registration Department (NRD), has once again put the country’s data security measures in the spotlight.

Local tech portal Amanz reported that the database, 160GB in size, is being sold for US$10,000 (RM43,950) on the dark web.

In the screenshot shared by the portal, the seller claimed that this is an expanded database compared to the one he sold in September last year, which was only up to 1998.

ALSO READ: Database containing personal info of four million Malaysians allegedly being sold online

In both incidents, it was claimed that the data was syphoned from the National Registration Department (NRD) through the My Identity API. MyIdentity is a centralised data-sharing platform that is used by various government agencies.

However, when the first data leak allegedly involving the NRD database of people born between 1979 to 1998 was discovered last year which was being sold for 0.2 BTC (RM35,350), Home Minister Datuk Seri Hamzah Zainudin denied there was an intrusion.

“Don’t worry about data held by NRD. Our firewall is quite strong,” he said in a report.

He also said all agencies using the MyIdentity system had been instructed to implement stricter safety measures.

ALSO READ: Netizens express concern over online sales of Malaysian phone numbers

Lawyer Foong Cheng Leong said the lack of transparency on investigations related to data leaks in Malaysia has been frustrating.

“There needs to be an account of how the matter is being investigated and what steps are being taken to ensure that the data is secure.

“The information could serve as a deterrent to others and show that there will be consequences for those leaking private information,” he said in a phone interview.

ALSO READ: Making it mandatory to declare data breaches

Foong urged fresh investigations to be conducted by the relevant agencies, including the Department of Personal Data Protection (JPDP) to discover if the leak was genuine.

When contacted, JPDP declined to comment at this point.

Foong said the data from the alleged leak could be used by scammers to dupe victims.

“For example, they could pose as an authority figure and present information such as your MyKad number or address to gain your trust.

“They will use this to convince you to give out more details or perform financial transactions,” he said.

When contacted, CyberSecurity Malaysia declined to comment, stating that the matter is under the jurisdiction of JPDP.

And the NRD has yet to respond to requests for information.

Article type: metered
User Type: anonymous web
User Status:
Campaign ID: 46
Cxense type: free
User access status: 3
Join our Telegram channel to get our Evening Alerts and breaking news highlights
   

Next In Tech News

Vodafone, Google look to extend Wear OS smartwatch battery life
Apple eyes fuel purchases from dashboard as it revs up car software
Basel revises bank crypto capital plan to include blockchain
EU extends roaming regulations for telecom providers until 2032
It's alive! How belief in AI sentience is becoming a problem
US needs to do more to protect companies against state-sponsored cyberattacks, experts say
Carousell rides sustainability trend in Hong Kong, aims to make buying and selling of second-hand items ‘as frictionless as possible’
Fewer billionaires in mainland China as ultra-wealthy feel pain of Beijing’s tech, property crackdowns, study says
France's Thales creates cloud services company powered by Google
Chinese team implants brain sensor without cracking skull

Others Also Read