It seems that as the days goes by, more and more data leaks are being reported by various companies as scammers look to acquire the data to either sell or use maliciously.
Recently, Malaysia’s largest online payment gateway was reported to have suffered a cybersecurity incident where the card data of some Malaysians may have been potentially compromised.
According to a statement by iPay88, they had immediately initiated an investigation on 31 May 2022 and brought in cybersecurity experts to contain the issue.
“The containment process was successfully completed and no further suspicious activity has been detected since 20 July 2022. To ensure the continued safety of the card data, we have implemented various new measures and controls to strengthen the system’s security against any further incidents.”
“The investigation is currently ongoing and we are working closely with the authorities and relevant parties on this matter. More updates and detailed findings will be shared in due course. All financial institution partners have been informed and kept up to date,” they added.
Why announce it more than 2 months after it happened?
The revelation by the company did not go down well amongst Malaysians who quickly called out the company for only informing the public now rather than a few months earlier after the incident had actually occurred.
One of the most vocal parties on the issue is Lembah Pantai MP Fahmi Fadzil who questioned why it took them more than 2 months to announce it.
“They didn’t even mention how much data has been affected. Why so late? Don’t these kinds of companies think to notify their affected users immediately?”
In a Facebook post, Fahmi urged the government to amend the Personal Data Protection Act 2010 (PDPA) to compel companies to notify the authorities immediately when there is a data breach.
“If iPay88 is serious and genuine about handling this cybersecurity incident well, it should give financial compensation to all victims,” he stated.
Banks reaffirm that their cardholders’ data security is taken seriously
Meanwhile, the Association of Banks in Malaysia (ABM) and Association of Islamic Banking and Financial Institutions Malaysia (AIBIM) said that in light of the announcement by iPay88, they would like to reaffirm that banks take seriously the data security of their cardholders.
“The banks have taken additional countermeasures to protect cardholders from potential risks that may arise from this incident. These include, but are not limited to, heightening of real-time fraud monitoring to detect fraudulent and out-of-norm card usage behaviour,” they wrote in a statement.
“The banks have implemented robust multi-layer security measures such as dual-factor authentication to prevent unauthorised credit card and debit card transactions. Banks would contact their cardholders directly through the banks’ official channels should they detect unusual transactions which may require added verification.”
“ABM and AIBIM member banks wish to reassure their cardholders that they may continue to use their bank cards as normal,” they added.
What do you think of the whole issue?
Also read: PM’s Personal Telegram Account Gets Hacked & M’sians Have Sarcastic Responses
