Personal data of nearly 4 million Malaysian citizens allegedly put on sale for 0.2 Bitcoin

It appears that there’s a potential data breach at the National Registration Department (JPN) as a database containing close to 4 million Malaysian citizens has been put on sale through an online forum. According to the seller, the data was freshly obtained from Jabatan Pendaftaran Negara and hasil.gov.my (Inland Revenue Board) through the MyIdentity API.

The database consists of 19 files in JSON/CSV format with a total size of 31.8GB. The person alleged that the current list contains details of individuals born between 1979 to 1998. The list includes personal details such as name, email, mobile number, permanent address, gender, IC number, race, religion, and even photos stored in base64 string.

The seller is asking for 0.2 Bitcoin (BTC) for the full list which is about RM35,000. Some interested buyers were asking for data narrowed down to selected cities but the seller prefer to sell the list in bulk.

At the time of writing, the MyIdentity portal is currently inaccessible. Launched in 2012, the platform was meant to make it easier for citizens and permanent residents to access and update their personal information when dealing with government agencies online. A total of 10 agencies were involved in the pilot project which includes National Registration Department, Malaysian Immigration Department, Road Transportation Department, Inland Revenue Board, Election Commission, Education Service Commission, Social Welfare Department, Labour Department of Peninsular Malaysia, National Higher Education Fund Corporation, and Royal Malaysian Police.

When another user asked for proof of authenticity, the seller shared personal details of a popular local celebrity based in Kuala Lumpur. The database appears to be legit as the image matches the actual person.

This potential data breach raises concerns about the security of the government’s online platforms especially when it involves the National Registration Department. Not only it exposes important details of Malaysians but the data can be misused for potential scams and phishing attack.

Under the MyDigital initiative, Malaysia aims to move 80% of public data to hybrid cloud systems by the end of 2022. In order to build trust, it is important for the government to strengthen cybersecurity for its platforms and to ensure resilience towards potential cyber-attacks.

[ SOURCE, IMAGE SOURCE ]

Recent Posts

Prime Minister’s Department: Over 1,500 cyberattacks launched at ministries’ infrastructure systems

There have been over 1,500 cases of cyberattacks launched against Malaysian ministries' infrastructure systems in…

3 hours ago

Malaysia’s largest DC charging hub is opening soon at Iskandar Puteri, Johor

DC Handal is expected to unveil what appears to be Malaysia's largest EV charging hub…

19 hours ago

Realme GT 7 Pro coming to Malaysia as first smartphone with Snapdragon 8 Elite chip, launching 18th November

Realme has debuted its latest flagship smartphone, the Realme GT 7 Pro in China, featuring…

19 hours ago

Malaysia to kill off NGVs in 2025 due to safety concerns

Malaysia will ban natural gas vehicles (NGVs) on 30 June 2025. Subsequently, no new natural…

21 hours ago

Is your iPhone 14 Plus having camera issues? Apple has a solution for you

Apple has launched a service program for the iPhone 14 Plus where certain units fail…

22 hours ago

U Family 128: U Mobile offers 1000GB shared data with 4 lines and free roaming for RM128/month

U Mobile has introduced its new U Family 128 offering, a new family plan which…

1 day ago

This website uses cookies.