Bank Negara Malaysia (BNM) has suspended the Central Credit Reference Information System (CCRIS) to all Credit Reporting Agencies (CRA) as a precautionary measure to counter potential cyber threats and the possibility of a data leak incident. CTOS Data Systems which is one of the three CRAs authorised by BNM had sent out an email informing customers that reports and services containing CCRIS information will be affected.
At the time of writing, it isn’t clear what exactly prompted the suspension and CTOS says they are working closely with BNM to resume the service as soon as possible. According to The Edge, BNM said it has been “made aware of a credible threat involving credit reporting agencies in Malaysia” but without providing further elaboration.
While CCRIS access by CRAs has been suspended, financial consumers are still able to access their CCRIS reports directly from the eCCRIS website. It told The Edge that access for agencies will be restored once secure access is assured.
CCRIS is a system that is used by banks and financial institutions to evaluate an individual’s loan eligibility. It can generate a report of all your current credit and loans with banks in Malaysia as well as your payment record. CTOS is one of the popular platforms that allow consumers to perform a financial health check for about RM25. The report provides data to help you make decisions to improve your credit score and to increase your chances of getting your loan approved.
Data breaches and cyber security incidents are a huge concern as the government aims to move 80% of public data to hybrid cloud systems by the end of this year. Recently an individual had allegedly obtained personal data belonging to 4 million Malaysian citizens born between 1979 to 1998 and is selling it for 0.2 BTC (about RM39,000). The Inland Revenue Board (LHDN) has denied allegations of a security breach on their website, while the Royal Malaysia Police are still investigating the matter.