Nacsa investigates alleged breach exposing MyKad data of 17 million Malaysians


The agency urged the public to 'avoid spreading unconfirmed reports and only refer to verified information from the authorities'. — Photo by Lewis Kang'ethe Ngugi on Unsplash

PETALING JAYA: The National Cyber Security Agency (Nacsa) says it is currently investigating reports alleging that the MyKad data of 17 million Malaysians has been leaked and is being sold on the dark web.

"We understand this is a concerning issue for the public and want to assure you that we are taking it very seriously," said a spokesperson in a statement issued today (Dec 4) to LifestyleTech.

"Our experts are investigating the situation thoroughly to verify the authenticity of these claims and assess the extent of any potential compromise.

"Nacsa is committed to safeguarding personal data and will take necessary action based on our findings."

Dark web threat intelligence firm StealthMole first highlighted the issue yesterday (Dec 3) on X, stating that threat actors claim to be in possession of MyKad data belonging to 17 million Malaysians and are offering it up for sale on the dark web.

"As proof, they have publicly shared samples of Malaysian ID cards on the dark web," the company wrote in the post.

"This massive data breach raises concerns as it could lead to serious crimes like identity theft and financial fraud."

Nacsa said it will provide updates as more information becomes available while also urging the public to "avoid spreading unconfirmed reports and only refer to verified information from the authorities”.

It further advises monitoring bank accounts and credit reports for suspicious activity, remaining cautious of unsolicited communications, refraining from clicking on links or opening attachments from unknown senders, using strong passwords, keeping software up to date, and practising good cyber hygiene.

Follow us on our official WhatsApp channel for breaking news alerts and key updates!

Next In Tech News

Game developer Big Cheese Studio targeted in cyber attack, PAP reports
U.S. lawmakers are light on crypto heading into new Trump era
EU Commission completes probe into X, to decide fine, reports Handelsblatt
Google steps up fight against fake reviews after UK probe
Opinion: When AI passes this test, look out
NTT DATA boss calls for global standards on AI regulation at Davos
How to delete Facebook, Instagram and Threads if you don’t like Meta’s changes
India's Tata Electronics acquires 60% stake in Pegatron Technology
How Chinese AI startup DeepSeek is competing with Silicon Valley giants
A call for millennial complaints draws an enormous crowd

Others Also Read