Millions of records from Putrajaya's MyIdentity database have allegedly been sold online.
The seller, known only as actifedot, placed an advertisement for data on a hacker forum known as breached.co on April 29.
As proof, the seller included a "sample" with records allegedly belonging to Home Minister Hamzah Zainudin and a partial database which showed telephone numbers and addresses.
The starting asking price was US$10,000.
The MyIdentity system was developed by the Malaysian Administrative Modernisation and Management Planning Unit (Mampu) - an agency under the Prime Minister's Office - in 2011.
MyIdentity allows personal identification to be shared across several government agencies.
This is the second time in which personal data of MyIdentity users has been sold since late last year. The seller appeared to have some knowledge of Malaysia as a popular Malaysian actress was used as a sample.
At the time, Hamzah, who oversees the National Registration Department (NRD), claimed that there were no leaks on the NRD end.
The so-called MyIdentity dataset was not the only one for sale. Another seller claims to have 30GB worth of personal data involving Malaysian users of Sugarbook - a Malaysian sugar daddy-sugar baby matching site.
In a statement, Kluang MP Wong Shu Qi said the alleged data breach was shocking.
"The urgent question now is how many Malaysians have unknowingly become victims of identity theft if the alleged leak is true?
"Is it still safe to use government services online if the government itself cannot safeguard our personal data?" she asked.
Wong said Hamzah's denial last year does not provide Malaysians with any assurances.
"The seller even purposely uploaded the home minister's personal details to show that the data on sale was legitimate.
"We need stronger assurance and firmer actions from the government," she said.
Meanwhile, DAP social media bureau head Syahredzan Johan said if the allegations of yet another security breach were true, then Malaysians would be at risk of fraud and identity theft.
"It raises doubts on the security and integrity of data held by government agencies," he said. - Mkini
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.