IRB distances itself from alleged data leak

 

The Inland Revenue Board (IRB) today distanced itself from a news report that alleged there was personal data being sold illegally.

In a statement today, the IRB said it was a client of the MyIdentity system - where the alleged leak took place - and not the owner of the system.

"Internal investigations found there is no data leak (on IRB's part).

"The IRB is working with the National Registration Department, National Cyber Security Agency (Nacsa), and National Security Council on this issue.

"IRB guarantees that all data and information in its possession is safe because it is protected with certified data security technology," it said.

The IRB, also known by its Malay acronym LHDN, urged the public to be wary of deceit and said they may be contacted via telephone (03-8911 1000 / 03-8911 1100) or through their website.

Earlier today, tech blog Lowyat.net reported that alleged personal data obtained through the MyIdentity system was being sold online for 0.2 Bitcoin (BTC). This is approximately RM35,000 at the time of writing.

This dataset was also advertised on another online forum which is notorious for selling stolen personal information from all over the world.

Based on a sample shown by the seller, the dataset is supposed to contain birthdates, emails, genders, mailing addresses, phone numbers, MyKad numbers, permanent addresses, race, and religion in the JSON format.

The seller claimed that the data - involving four million entries - was obtained from the "MyIdentity API" through the Inland Revenue Board's website. - Mkini