Just 8 months ago 2 huge database were put up for sale on a well-known marketplace forum. One of the databases allegedly contained 4 million data entries belonging to Malaysians while the other had the data of approximately 1.4 million Malaysian companies.
Now, it appears that there has been another potential breach at 2 Malaysian government agencies.
An online seller is claiming to be selling the personal data of over 22 million Malaysians on an online forum.
The database is up for sale for US$10,000 (RM44,000) and contains the personal information of 22.5 million Malaysians including their full name, NRIC number, addresses, gender, race, religion and even photographs.
According to the seller, who claims to be the same party behind last year’s sale of personal data, “Last time we sold 4 million data of Malaysian, this time we leak the whole adult Malaysian population and no one left behind, from 2004 to 1940 birth year.”
The seller also claimed that the total data is equal to 160GB and that it was leaked via myIDENTITY API, which is essentially the national data-sharing platform for the public sector that allows government agencies to obtain one’s personal details from a centralised repository.
Is the data legit?
To prove that the data is legit, the seller also provided a sample record belonging to Home Affairs Minister Dato Seri Hamzah Zainudin.
Along with this IC photo, his address and IC number were also leaked.
More worrying news
Apart from the database containing the personal information of over 22.5 million Malaysians, the same seller also posted a listing to sell a database allegedly containing information of 802,259 Malaysians obtained from the Election Commission’s website.
What makes things worse is that the seller is also selling actual photos of ICs as well as electronic Know Your Customer (eKYC) images of people taking selfies while holding their IC.
The images were used for verification purposes when registering as a new voter. The whole database including the eKYC photos is 67GB in size and they are selling it for US$2,000 (RM8,780).
With the extra eKYC photo, Malaysians could be potential victims of identity theft as the IC and verification selfies could be misused to apply for products and services without their permission.
For now, it is unclear whether JPN and other related government agencies are aware of this listing as no statements have been issued.
It is certainly high time for the authorities to take action against such alleged leaks, do a security check and buff up measures on the myIDENTITY platform as well as the agencies that have access to it.
What must be done to prevent things like this from occurring yet again in the future? Let us know in the comments.
Also read: LHDN Denies Leaking Private Data Of 4 Million Malaysians To Be Sold Online For RM35,500
