AKPK: Info of about 20 customers exposed on dark web from data breach last month


On March 30, AKPK announced that it had discovered that its server containing customer data may have been illegally accessed and it had taken measures to put operational systems offline temporarily. — AZMAN GHANI / The Star

PETALING JAYA: The Credit Counselling and Debt Management Agency (AKPK) said it has confirmed that some data obtained from a data breach, which it announced on March 30, has been published on the dark web today (April 26).

"While our investigation with third-party cybersecurity experts is continuing, it appears that approximately 20 customers have had personal information – names and National Registration Identity Card (NRIC) numbers – published.

"We are working closely with law enforcement and other relevant authorities, including the Communication and Digital Ministry, and CyberSecurity Malaysia, in the ongoing thorough investigation.

"We are also working to identify the specific information that has been illegally accessed and update the customers that have been affected.

"We anticipate and are preparing for the criminals to publish more information including additional customer names and NRICs," AKPK said in a statement to LifestyleTech.

A quick check of the file posted on a data breach website by a ransomware group claiming to be BlackCat on April 25 showed that it contained a list of directories, with limited samples showing documents such as payslips, letters from banks, copies of MyKad, and application forms of individuals joining the agency's Second Chance Program.

The agency said its staff will be on standby to assist customers in matters related to the breach.

"We understand this situation is very concerning and we sincerely apologise. AKPK will continue to do everything we can to mitigate the impact of this breach.

"We are reaching out directly to communicate with all our customers about this security breach and support them in the steps customers can take to safeguard themselves," it said.

On March 30, AKPK announced that it had discovered that its server containing customer data may have been illegally accessed and it had taken measures to put operational systems offline temporarily.

The agency states that the acquisition, use and dissemination of information in the possession of cybercriminals is a criminal offence.

Follow us on our official WhatsApp channel for breaking news alerts and key updates!
   

Next In Tech News

Bosch and Microsoft to cooperate on AI technology for car safety
Robot dogs and flying cars: MWC gadget highlights
South Korea's President Yoon to meet Meta's Zuckerberg on Thursday
Soaring bitcoin set for sharpest monthly jump since 2020
Meta’s Zuckerberg to deepen tie-up with LG on next-gen devices
C3.ai posts robust quarterly results, announces CFO change
UnitedHealth hackers say they stole 'millions' of records, then delete statement
Gemini to return $1.1 billion to customers, pay fine in regulatory settlement
Paramount misses quarterly revenue estimates as weak ad market offsets streaming gains
Salesforce sees annual revenue below estimates on weak cloud demand

Others Also Read