Thursday, September 30, 2021

Assure public that their personal data are secure

 


On Sept 28, 2021, several tech portals reported that a database that apparently belongs to the National Registration Department (NRD) has been put up on sale at a well-known database marketplace forum.

The reports cited the seller’s claim that it contained four million data that were obtained from the Inland Revenue Board’s (IRB) website through the Application Programming Interface (API) that is made for MyIdentity.

According to reports, the data also includes such personal information as names, e-mails, mobile phone numbers, IC numbers and also pictures. The database was put up for sale for 0.2 BTC, which is equivalent to around RM35,000.

IRB has denied that there was any data leak from their side. 

Similarly, at the time of writing, Home Minister Hamzah Zainudin had spoken on the issue and said that checks with IRB and NRD showed that there was no data leak. At the same time, the police have opened investigation papers on the allegations.

At this juncture, we do not know whether indeed the seller has the data as he claimed. If he does, we also do not know from where the database was obtained from. 

Despite the denials from the authorities, the police should continue to investigate the allegations.

If indeed millions of data have been compromised, this presents a serious security issue. Millions of Malaysians may be exposed to various risks, including fraud and identity theft. 

There are also concerns that this may pose significant risks to our national security and raises questions regarding the safety and integrity of the data stored by databases owned by public bodies.

Home Minister Hamzah Zainudin

Malaysians are quite generous when it comes to personal data. We give out personal information to various bodies and entities without a second thought. 

However, this should not mean that issues of data security and integrity should be taken lightly.

Investigation results must be made public

This is not the first time that the personal data of Malaysians have been at risk of mass exposure. Before this, there was a claim that data from the Elections Commission (EC) of 10 million Malaysians were up for sale. 

Back in 2017, it was alleged that there was a data breach involving 46 million phone numbers in Malaysia.

Unfortunately, far too often the results of these investigations have not been made public or publicised. 

Malaysians do not know, at the end of the day, whether their personal data that is stored with several public bodies, continue to be safe and secure.

This must change. Whatever the outcomes of the investigation of this latest alleged data breach, it must be made public. 

Mere denials from public bodies alleged to be the subject of these leaks are no longer enough. 

There must be some semblance of transparency and accountability with all involved.

The home minister has sought to assuage fears in his press conference regarding this issue. 

However, until and unless Malaysians are convinced that the investigations are carried out thoroughly and in a transparent manner, there will be many who would feel that our personal data are not safe with public bodies. - Mkini

SYAHREDZAN JOHAN is a civil liberties lawyer and political secretary to Iskandar Puteri MP Lim Kit Siang.

The views expressed here are those of the author/contributor and do not necessarily represent the views of MMKtT/

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.