It appears that there’s a potential data breach at the National Registration Department (JPN) as a database containing close to 4 million Malaysian citizens has been put on sale through an online forum. According to the seller, the data was freshly obtained from Jabatan Pendaftaran Negara and hasil.gov.my (Inland Revenue Board) through the MyIdentity API.
The database consists of 19 files in JSON/CSV format with a total size of 31.8GB. The person alleged that the current list contains details of individuals born between 1979 to 1998. The list includes personal details such as name, email, mobile number, permanent address, gender, IC number, race, religion, and even photos stored in base64 string.
The seller is asking for 0.2 Bitcoin (BTC) for the full list which is about RM35,000. Some interested buyers were asking for data narrowed down to selected cities but the seller prefer to sell the list in bulk.
At the time of writing, the MyIdentity portal is currently inaccessible. Launched in 2012, the platform was meant to make it easier for citizens and permanent residents to access and update their personal information when dealing with government agencies online. A total of 10 agencies were involved in the pilot project which includes National Registration Department, Malaysian Immigration Department, Road Transportation Department, Inland Revenue Board, Election Commission, Education Service Commission, Social Welfare Department, Labour Department of Peninsular Malaysia, National Higher Education Fund Corporation, and Royal Malaysian Police.
When another user asked for proof of authenticity, the seller shared personal details of a popular local celebrity based in Kuala Lumpur. The database appears to be legit as the image matches the actual person.
This potential data breach raises concerns about the security of the government’s online platforms especially when it involves the National Registration Department. Not only it exposes important details of Malaysians but the data can be misused for potential scams and phishing attack.
Under the MyDigital initiative, Malaysia aims to move 80% of public data to hybrid cloud systems by the end of 2022. In order to build trust, it is important for the government to strengthen cybersecurity for its platforms and to ensure resilience towards potential cyber-attacks.
[ SOURCE, IMAGE SOURCE ]
Zeekr Malaysia has announced the new 2026 pricing for the Zeekr 7X, following the end…
When it comes to choosing a smartphone with the best camera, most people instinctively look…
Tesla has quietly revised the advertised WLTP-rated range for several Model 3 and Model Y…
Tune Talk has expanded access to its revamped Tune Talk app globally, allowing users worldwide…
Maxis has completed the migration of its mission-critical workloads from Amazon Web Services’ Singapore Region…
In addition to the Vigo compact SUV, Dongfeng's EV lineup in Malaysia now also includes…
This website uses cookies.