PETALING JAYA: Payment gateway provider iPay88 revealed in a statement that it suffered a "cybersecurity incident" that may have compromised customers' card data.

The company provides payment processing services to a host of businesses, including ecommerce platform Shopee and Apple authorised reseller Machines.

ALSO READ: Malaysians’ personal data allegedly being sold openly on the Internet (Update: Site is down)

Payment cards from most major banks and ewallet services in the country are accepted by the gateway, making the incident especially concerning.

While it is unclear when the incident occurred, iPay88 said that the leak was detected on May 31.

ALSO READ: Data of Malaysians born between 1940 and 2004 allegedly being sold for over RM40,000

"Upon discovery of the issue, we immediately initiated an investigation on May 31 and brought in cybersecurity experts to contain the issue," the company stated.

It claimed that the containment process was successful, with no further suspicious activity detected since July 20.

ALSO READ: Netizens express concern over online sales of Malaysian phone numbers

"To ensure the continued safety of the card data, we have implemented various new measures and controls to strengthen the system’s security against any further incidents," iPay88 posted on its website.

It also said that an investigation into the incident is still going on and that more information will be shared later.

ALSO READ: Database containing personal info of four million Malaysians allegedly being sold online

"All financial institution partners have been informed and kept up to date.

"We will continue to monitor the situation closely and ensure the safety of the cardholder data," it said.

Lembah Pantai MP Fahmi Fadzil criticised the company on Twitter, saying that iPay88 didn't act quickly enough to warn customers even though the incident happened more than two months ago.

He said the Personal Data Protection Act 2010 has to be amended, adding, "Too many data leaks. Too little data protection."