AKPK: Info of about 20 customers exposed on dark web from data breach last month


On March 30, AKPK announced that it had discovered that its server containing customer data may have been illegally accessed and it had taken measures to put operational systems offline temporarily. — AZMAN GHANI / The Star

PETALING JAYA: The Credit Counselling and Debt Management Agency (AKPK) said it has confirmed that some data obtained from a data breach, which it announced on March 30, has been published on the dark web today (April 26).

"While our investigation with third-party cybersecurity experts is continuing, it appears that approximately 20 customers have had personal information – names and National Registration Identity Card (NRIC) numbers – published.

"We are working closely with law enforcement and other relevant authorities, including the Communication and Digital Ministry, and CyberSecurity Malaysia, in the ongoing thorough investigation.

"We are also working to identify the specific information that has been illegally accessed and update the customers that have been affected.

"We anticipate and are preparing for the criminals to publish more information including additional customer names and NRICs," AKPK said in a statement to LifestyleTech.

A quick check of the file posted on a data breach website by a ransomware group claiming to be BlackCat on April 25 showed that it contained a list of directories, with limited samples showing documents such as payslips, letters from banks, copies of MyKad, and application forms of individuals joining the agency's Second Chance Program.

The agency said its staff will be on standby to assist customers in matters related to the breach.

"We understand this situation is very concerning and we sincerely apologise. AKPK will continue to do everything we can to mitigate the impact of this breach.

"We are reaching out directly to communicate with all our customers about this security breach and support them in the steps customers can take to safeguard themselves," it said.

On March 30, AKPK announced that it had discovered that its server containing customer data may have been illegally accessed and it had taken measures to put operational systems offline temporarily.

The agency states that the acquisition, use and dissemination of information in the possession of cybercriminals is a criminal offence.

Follow us on our official WhatsApp channel for breaking news alerts and key updates!
   

Next In Tech News

Tesla's robotaxi event was long on Musk promises. Investors wanted more details
QUOTES: Lot of sci-fi smoke and mirrors: Investors, experts react to Tesla's robotaxi unveil
Binance compliance chief denied bail in Nigeria money laundering case
Meta removes fake accounts in Moldova ahead of presidential election
British police reduce X presence amid extremist content worries
Trump campaign turns to secure hardware after hacking incident
BlackRock hits record high $11.5 trillion in assets on market rally, ETF boost
Tech war: China sees glut of AI data centres as GPU mismatches exacerbate weak demand
Philippines arrests alleged Chinese scam farm chain boss
Exclusive-Northvolt in talks for about 200 million euros in funding - sources

Others Also Read