Following the recent cybersecurity threats made against Malaysia, Communications Minister Fahmi Fadzil has urged Malaysians to continue to register for PADU, Malaysia’s Central Database Hub. The Minister said, “The government guarantees the safety of the data and I ask and I implore everyone to continue the registration.”
PADU under Ministry of Economy wasn’t hacked by R00TK1T
Fahmi said he wants Malaysians to know that PADU is very secure and has never been hacked. He assured that the data security is being constantly monitored by the Personal Data Protection Department and CyberSecurity Malaysia, therefore, those who have not yet registered for PADU can do so safely.
Commenting on the recent claim by hacker group R00TK1T, Fahmi said the attack was referring to a different PADU involving a file server that belonged to the National Population and Family Development Board. It’s not the same PADU under the Ministry of Economy led by Rafizi Ramli.
Can the govt guarantee the data security of PADU?
While PADU is spared from attacks from R00TK1T, the question remains if the Malaysian government can guarantee the data protection of Malaysians. Ultimately, who is responsible for protecting your data on PADU and who will be liable if there’s a data breach?
Under the current Personal Data Protection Act (PDPA) 2010, the Act does not apply to Federal Government and State Governments under Section 3. There have been calls to amend PDPA to hold government agencies and departments responsible for data breaches, considering the majority of data breaches in the country involve government platforms.
There have been several major data breaches recorded in the past few years. The most recent incident involved PERKESO where a database containing personal details including phone numbers was put up on an online forum. There were also databases of Malaysians allegedly obtained from the National Registration Department and Election Commission containing photos of ICs and eKYC selfies, being put up for sale online.
So far there have been no further updates or actions on these data breaches involving government agencies.
Less than 20% of eligible Malaysians “updated” their details on PADU
As of 23rd February 2024, PADU has recorded 3.75 million individuals who have successfully registered and updated their database, which is still far off from its target to have all eligible Malaysians (21.97 million) complete their submissions by 31st March 2024. According to PADU, they have already “registered” over 30 million Malaysians by integrating databases from various agencies. However, Malaysians will still need to register and update their information on the platform.
[ SOURCE 2, IMAGE SOURCE ]
