Personal data of over a million Malaysians might’ve been exposed online by MITI

When Malaysia first began rolling out the COVID-19 vaccines to the public, one of the protocols included the Ministry of International Trade and Industry (MITI) getting some companies in the manufacturing industry to register their employees via the Public-Private COVID-19 Industrial Immunisation Programme or PIKAS for short. However, a new report now claims that its website may be inadvertently exposing the details of over two thousand Malaysians who signed up for PIKAS.

According to a report from CodeBlue, who in turn got the information from a Dr Suresh Ramasamy on LinkedIn, a server under MITI’s PIKAS website at pikas.miti.gov.my seemingly had a directory that stored over two thousand files. These files are apparently the same files that companies had to upload onto the PIKAS website last year when PIKAS began in June 2021. Each file had the details of the company’s staff, which included their name, IC number, employee ID, age, gender and contact details.

It’s quite appalling that all this data is left in the open web, and that anyone can simply find their way to it. At time of writing though, the PIKAS website appears to be down and cannot be accessed. Dr Suresh asserts that there’s over a million records of personal information available to any bad actors in the PIKAS servers via these Excel files that anyone could’ve accessed. He also goes on to say that the entire PIKAS programs seemed to have been relying on this one directory for their information.

As Dr Suresh mentions in this post, the storage directory was left open along with many others, so it could’ve been left open intentionally. He notes that there was another directory called logs with files in it called ‘laravel’. These refer to laravel logs that were left open as according to Dr Suresh, the vendor may have needed access to troubleshoot the system. As for why the Excel files were left out in the open though, Dr Suresh says it could’ve been their IT department leaving it open to that they can work on it remotely, or needing to transfer files around the servers. Bad actors within could’ve also left it open.

Nevertheless, we’ll need to wait for MITI to release a statement to get a better idea of what happened, especially considering that the PIKAS website is now unavailable. CyberSecurity Malaysia meanwhile seemed to have known about this potential data leak already, with CodeBlue noting that they had told Dr Suresh that they’ve taken action to ‘notify and advice the respective party accordingly’. An email from CyberSecurity Malaysia dated 27 May then closed the case on Dr Suresh’s complaint that he had filed with them on 22 May.

This makes it just the latest data leak in Malaysia in the last couple of weeks. Back in May, a JPN database containing the personal details of approximately 22.5 million Malaysians were found for sale online. The seller for that one even provided the personal data of Home Affairs Minister Dato Seri Hamzah bin Zainudin for evidence. You can read more about that here.

[ SOURCE 2 ]

Recent Posts

ChargEV deploy EV chargers at 1 First Avenue and 8 First Avenue in Bandar Utama

Visitors and tenants at 1 First Avenue and 8 First Avenue can charge their EVs…

6 hours ago

Gentari x MBPP turn on 120kW DC Charger near Maybank Tanjung Bungah

Gentari x MBPP continue to deploy more street-level EV chargers on the Island and the…

19 hours ago

Proton S70 revealed as the official Madani Taxi: A modern makeover for Malaysia’s taxi

Prime Minister Anwar Ibrahim has revealed the Proton S70 1.5T i-GT Premium which was launched…

23 hours ago

Not just for EVs: Malaysian taxis are getting the new JPJePlate

Two years ago, the Road Transport Department (JPJ) introduced the JPJePlate which sets the new…

1 day ago

Why some ATMs are still charging RM1 for cash withdrawals despite the fee waiver

Effective 1st July 2026, Malaysians can make unlimited ATM cash withdrawals for free at over…

1 day ago

JomCharge x DBKL turn on new 100kW DC Charger at Kuchai lama

JomCharge x DBKL continue to turn on more street-level EV charging locations in Kuchai Lama…

1 day ago

This website uses cookies.