Personal data of nearly 4 million Malaysian citizens allegedly put on sale for 0.2 Bitcoin

It appears that there’s a potential data breach at the National Registration Department (JPN) as a database containing close to 4 million Malaysian citizens has been put on sale through an online forum. According to the seller, the data was freshly obtained from Jabatan Pendaftaran Negara and hasil.gov.my (Inland Revenue Board) through the MyIdentity API.

The database consists of 19 files in JSON/CSV format with a total size of 31.8GB. The person alleged that the current list contains details of individuals born between 1979 to 1998. The list includes personal details such as name, email, mobile number, permanent address, gender, IC number, race, religion, and even photos stored in base64 string.

The seller is asking for 0.2 Bitcoin (BTC) for the full list which is about RM35,000. Some interested buyers were asking for data narrowed down to selected cities but the seller prefer to sell the list in bulk.

At the time of writing, the MyIdentity portal is currently inaccessible. Launched in 2012, the platform was meant to make it easier for citizens and permanent residents to access and update their personal information when dealing with government agencies online. A total of 10 agencies were involved in the pilot project which includes National Registration Department, Malaysian Immigration Department, Road Transportation Department, Inland Revenue Board, Election Commission, Education Service Commission, Social Welfare Department, Labour Department of Peninsular Malaysia, National Higher Education Fund Corporation, and Royal Malaysian Police.

When another user asked for proof of authenticity, the seller shared personal details of a popular local celebrity based in Kuala Lumpur. The database appears to be legit as the image matches the actual person.

This potential data breach raises concerns about the security of the government’s online platforms especially when it involves the National Registration Department. Not only it exposes important details of Malaysians but the data can be misused for potential scams and phishing attack.

Under the MyDigital initiative, Malaysia aims to move 80% of public data to hybrid cloud systems by the end of 2022. In order to build trust, it is important for the government to strengthen cybersecurity for its platforms and to ensure resilience towards potential cyber-attacks.

[ SOURCE, IMAGE SOURCE ]

Recent Posts

Porsche Taycan and Macan EV prices surge in Malaysia: Up to RM410k higher

Porsche has recently updated the price of its EV lineup in Malaysia, and the changes…

7 hours ago

TNG eWallet now lets you search SSM company records and download official documents

If you need to verify a Malaysian business or obtain more background information, you can…

10 hours ago

Bye-bye physical discs: PlayStation goes digital-only from 2028

For close to two decades, buying a new PlayStation game meant picking up a Blu-ray…

11 hours ago

Flexi Parking is back online: Look out for minor teething issues

The Flexi Parking system is operational again after being crippled for the past few days…

11 hours ago

Hotlink 5G Travel SIM offers 7-day “unlimited” internet in 4 countries for RM25

Hotlink has enhanced its Travel SIM offering which lets you stay connected in 4 countries…

12 hours ago

Semak Kasih offers a legit starting point to check for unclaimed takaful and life insurance

The Malaysian Takaful Association (MTA) and Life Insurance Association of Malaysia (LIAM) have recently launched…

1 day ago

This website uses cookies.