Another major personal data breach took place involving the International Trade and Industry Ministry's (Miti) Public-private Partnership Covid-19 Industry Immunisation (Pikas) programme.
The leak was first reported by Suresh Ramasamy on his Linkedin page. He has worked on cybersecurity with several telecommunication firms.
According to him, the personal data involved details of employees who registered under the Pikas scheme to obtain their Covid-19 vaccinations.
These details, which include identity card numbers and phone numbers, were stored in Microsoft Excel files and hosted on the vaccination programme’s website.
Suresh estimated millions of personal records were exposed through the leak and could potentially end up for sale illegally.
"Since it's left open, it's best to (assume) that the data is probably out in the wild, to anyone who has access to the internet.
"Cue another data leakage on the dark web... Another few million records up for sale!" wrote Suresh.
At the time of writing, Miti's website is inaccessible and hence Suresh's claims cannot be independently verified.
According to a report by health news website CodeBlue, Suresh filed a complaint with CyberSecurity Malaysia - an agency under the Communications and Multimedia Ministry - on May 22.
CyberSecurity Malaysia wrote back to Suresh on May 27 to state "the content you reported to us is no longer available. We hope this is of help and with this, we shall close the case".
CodeBlue reported that it has sighted these correspondences.
Suresh speculated that the breach could be caused by IT staff who either wanted to analyse the data remotely or transfer the files to a different server.
He added that the matter could also be caused by a staff member acting maliciously.
"These types of incidents further erode the trust in the ability of the government to safely keep data.
"This is further compounded by the fact that the Personal Data Protection Act 2012 in Malaysia conveniently excludes government agencies from being responsible for managing data.
"The scale of data being lost is huge, and has far-reaching impact beyond just this article," he wrote.
The exposé by Suresh comes at a time when Malaysian authorities are investigating the alleged sale of personal data on a website called breached.co.
The latest incident involved the seller goading the government by providing a "sample" of their dataset which contained personal details of Home Minister Hamzah Zainudin. - Mkini
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.