THE allegation that the personal data of 22.5 million Malaysians born between 1940 and 2004, purportedly from the National Registration Department (NRD), have been stolen and sold on the dark web is a serious concern.
According to local tech portal Amanz, the 160GB database containing information such as a person’s name, identity card number, address, date of birth, gender, race, religion, mobile number, and Base54-based photo, is being sold for US$10,000 (about RM43,885) at a well-known database marketplace forum.
In a screenshot shared by the portal, the seller claimed that the database was an expanded repository from the one he sold in September last year.
In the incident last year, the personal data of four million Malaysians were allegedly leaked from the MyIdentity API (application programming interface) and put up for sale at RM35,419.
MyIdentity is a national data-sharing platform that allows government agencies to access individuals’ details from a centralised repository.
This is not the only government database that has been put on sale this year. Apparently, a couple of weeks earlier, the same seller had posted a database allegedly belonging to 802,259 Malaysian voters, obtained from the Election Commission’s website, on the black market.
And sadly, these are not the only incidences of government database breaches.
While the Home Affairs Ministry has denied that the latest database leak was from NRD, the police, on the other hand, have already started their investigation into the breach.
But whatever the outcome is, with the rising number of cases involving government personal data leaks, the authorities must be held accountable for such breaches.
Heads, especially those given the task of ensuring the safety and security of these public data, must roll.
They must be held accountable for their failure in protecting the people’s interests and in ensuring the safety and security of their private details, which could easily be abused.
The government must also act swiftly to address the weaknesses in their system and reassure Malaysians of a better solution to safeguard data stored by government departments and agencies.
It is a question of public safety.
Scammers could use the stolen data to cheat people of their money, while telemarketers would have a field day making unsolicited calls from the leaked telephone numbers of Malaysians.
To prevent leaked data from being misused, the government, including the police, must work harder to go after scammers, who could use such information to trick victims, especially via the Macau scam.Last year, 1,585 Macau scam cases were reported nationwide, resulting in RM560.8mil in losses. This year, the number has already reached 1,258 cases as at April 19, involving RM65.4mil in losses.
As for telemarketing, the Malaysian Communications and Multimedia Commission (MCMC) must be more vigilant and introduce sterner measures to prevent unsolicited calls.
Actions to stop the scammers and unsolicited calls would restore people’s confidence in government agencies despite the data breach.
Lastly, as the custodian of all Malaysians’ data, the government must also be held accountable for any breach.
Currently, the Personal Data Protection Act 2010 (PDPA) does not apply to the federal and state governments. Instead, it only covers commercial entities.
While proposals to amend the PDPA, including making the government accountable, have been made, the amendments have yet to be tabled in Parliament.
Therefore, lawmakers should seriously consider the urgency of the amendments to make Malaysians’ personal data safer in the public domain, preventing them from falling into the wrong hands for illegal use.
This has to be done quickly to prevent more of such data breaches before it is too late and puts national security at risk.
Source link.
Related:
Public fuming over another likely data leak
CLICK TO ENLARGE
PETALING JAYA: The public are outraged over another alleged data leak containing the information of 22.5 million Malaysians born between 1940 and 2004, stolen from the National Registration Department (NRD).
Many are anticipating more scam calls and SMSes as well as fraudulent online transactions to occur over the breach.
Businessman Amirul Asraf, 31, from Wangsa Melawati, said such incidents were the root cause for many the scam calls people are receiving on a daily basis.
“With these data, scammers can convince people that they are calling from the banks, courts, police and authorities. This will make
people’s lives harder.
“I read a case where a poor man who obtained assistance from his local assemblyman was cheated after a
scammer emptied him out. The assemblyman had to help the victim again as a result.
“These scammers are heartless. They don’t care if they take a lot or a little or whom they trick, as long as they get the money,” he
said.
Software engineer Ahmad Ridzwan, 30, from Bukit Jalil, could only say “Malaysia Boleh” in relation to the leak taking place.
“Not sure what else to comment. This is the worst possible leak because our identifiable data is out in the open and the identity card is the most important one of all,” he said.
Sales executive Shivaendra Gunasegaram, 30, from Petaling Jaya, said smartphones and social media
companies already had all data pertaining to the individuals.
As such, all personal information was accessible to many people, he said.
“As long as there are no unauthorised transactions from our bank accounts, I feel that there’s nothing to worry about.
“The advantage of being poor is that they probably won’t target my account because there’s not much in it,” he said jokingly.
Meanwhile, the data leak report continued to create a buzz in online forums and on social media, with many people expressing their unhappiness over the government’s inability to protect vital information from being leaked repeatedly over the years.On Facebook, user Zaidi Rudy said: “Brace
yourselves, scam calls are coming in.”
Dennis Ooi said: “Was SOLD mean somebody have to go jail. Any action taken on those responsible. Or tangkap lepas again.”
Wan Meng Lee questioned: “Why the rakyat confidential information can be sold off is it not kept safely omg.”
Abdul Hamid said: “If they know the data being sold, they definitely know who is the seller.”
In the Lowyat forum, user bananjoe said: “Habis go and overhaul the whole new mykad. This is epic ridiculous. Government IT staff doing what ???”
Sycamore said: ”So absurd. But why am I not surprised? Absurdity is the reality.”
Radiowarrior1337 said: “This needs to kena and people head must roll. Tidak apa attitude
and biar la dah hack kan so mari lepak minum teh now to discuss what scenario he obtains the data.”
No comments:
Post a Comment