Payment gateway provider iPay88 says ‘cybersecurity incident’ may have compromised users’ card data

iPay88 claimed that the containment process was successful, with no further suspicious activity detected since July 20. — Image by Darwin Laganzon from Pixabay

PETALING JAYA: Payment gateway provider iPay88 revealed in a statement that it suffered a "cybersecurity incident" that may have compromised customers' card data.

The company provides payment processing services to a host of businesses, including ecommerce platform Shopee and Apple authorised reseller Machines.

ALSO READ: Malaysians’ personal data allegedly being sold openly on the Internet (Update: Site is down)

Payment cards from most major banks and ewallet services in the country are accepted by the gateway, making the incident especially concerning.

While it is unclear when the incident occurred, iPay88 said that the leak was detected on May 31.

ALSO READ: Data of Malaysians born between 1940 and 2004 allegedly being sold for over RM40,000

"Upon discovery of the issue, we immediately initiated an investigation on May 31 and brought in cybersecurity experts to contain the issue," the company stated.

It claimed that the containment process was successful, with no further suspicious activity detected since July 20.

ALSO READ: Netizens express concern over online sales of Malaysian phone numbers

"To ensure the continued safety of the card data, we have implemented various new measures and controls to strengthen the system’s security against any further incidents," iPay88 posted on its website.

It also said that an investigation into the incident is still going on and that more information will be shared later.

ALSO READ: Database containing personal info of four million Malaysians allegedly being sold online

"All financial institution partners have been informed and kept up to date.

"We will continue to monitor the situation closely and ensure the safety of the cardholder data," it said.

Lembah Pantai MP Fahmi Fadzil criticised the company on Twitter, saying that iPay88 didn't act quickly enough to warn customers even though the incident happened more than two months ago.

He said the Personal Data Protection Act 2010 has to be amended, adding, "Too many data leaks. Too little data protection."

Article type: free
User access status:
Subscribe now to our Premium Plan for an ad-free and unlimited reading experience!

Next In Tech News

Exclusive-Grab sees no big layoffs despite weak market
Opinion: Profits and security? Who cares
Opinion: Just reboot it
Tech workers flooded Hawaii in the pandemic. With remote work on the decline, what now?
‘Omega Strikers’ is a mish-mash of genres that somehow works
Australia's Optus contacts customers caught in cyber attack
A world without passwords: What Big Tech's switch to Fido 2 means
Hanoi closes Instagram hotspot 'Train Street' over safety concerns
’FIFA 23’ will let you play as fictional football coach Ted Lasso
Bankrupt crypto lender Voyager's CFO to exit months after appointment

Others Also Read