Transparency International Malaysia (TI-M) is alarmed over the lack of digital security for the personal data of Malaysians.
A month ago, on 17 May 2022, the media reported a database offered for sale consisting of a dataset that belonged to the National Registration Department (NRD) consisting of data of Malaysians born between 1940 to 2004 for an asking price of USD10,000. At the time, the Minister of Home Affairs, Datuk Hamzah Zainuddin stated that the dataset was not from the NRD’s database, and the Minister of Defense, Hishammuddin Hussein, said that the data leak would not be able to affect national security as his ministry has systems in place to prevent such a situation and that relevant intelligence agencies are prepared for any eventuality that could come from the breached data, although he did not clarify what specific mechanisms would prevent the data from being misused.
Earlier this month, we were served with media reports of a cybersecurity expert exposing personal data of the employees involved in the Public-Private Covid-19 Industrial Immunisation Programme (PIKAS) register operated by Ministry of International Trade and Industry (MITI). Among the files found in there were spreadsheets that are the ones that companies were supposed to submit to MITI via the PIKAS system. The spreadsheets in question had the names, IC numbers, employee ID, age, gender and contact numbers of the staff of the said companies.
Earlier this month, on 13 June 2022, online news portal Soyacincau has shared news of an OpenSource Intelligence Tool (OSINT) website that is purportedly selling JPN and MySejahtera data online. The users who had reported the OSINT to the media had shared that the data was available for purchase for as low as RM6.63 and offered accountholders the option to erase their details from the database for a price.
Neither of these incidents are isolated or new. The media has been saturated with news of data leaks, risks to personal data protection and consequently, demands for answers from the government on how our data is being handled.
The irony is our demands for transparency are responded with opacity and secrecy, whilst our personal data appears to be transparently available for picking.
Yesterday the Minister of Home Affairs, Datuk Hamzah announced that only 44 government related agencies will be allowed to access Malaysians’ personal data from the National Registration Department’s data base. Is this action too late after the horses have bolted?
TI-Malaysia President Muhammad Mohan urges the government to allow the transparent disclosure of the progress of the police investigations into the previous data leak in May 2022 and identifying who are responsible for this crime as well as inform the Rakyat of the government’s plan to prevent the sale of our data, and to safeguard our data from facing the same threat in the future.
The silence is deafening. The government doesn’t seem to have the answers to such important questions being asked but is nevertheless answerable to the people for any failure to protect our data.
-End-
Note to Editors: For clarification on any and all official statements from Transparency International – Malaysia (TI-M), kindly refer to its President, Dr Muhammad Mohan (mmohan@transparency.org.my)
