Nacsa Probes Allegations of Massive MyKad Data Leak Involving 17 Million Malaysians

UPDATE: JPN has clarified through a post on their official Facebook page that there has been no evidence of a breach involving the MyKad information of 17 million Malaysians. The statement reads (translated):

JPN investigation finds no data leak or suspicious transactions taking place in the system in JPN. In fact, JPN also insists that no such case has ever happened before involving the JPN system. JPN has also been in contact with NACSA and PDRM to enable their increased investigation to be taken.
JPN will always ensure the security and integrity of the data of Malaysians who are under JPN’s care are secure and secure.
Now everyone can breathe a collective sigh of relief knowing that all of this is not true. You can read the original story down below.

MyKad Data Breach Under Investigation by Nacsa

The National Cyber Security Agency (Nacsa) has confirmed that it is currently investigating claims of a massive data breach involving 17 million MyKad holders in Malaysia. Meanwhile, the leaked data, allegedly being sold on the dark web, has sparked widespread concern among the public. As a result, this incident has heightened fears over the security of personal information and the potential misuse of sensitive data.

The breach was first reported by StealthMole, a dark web threat intelligence firm, on December 3rd. The firm stated that threat actors are selling stolen MyKad data on the dark web. Moreover, they are providing sample ID card images as proof. This is done to validate their claims and attract potential buyers.

The suspected source of the leak is believed to be a breach in the eKYC (Electronic Know Your Customer) system. Specifically, this system often uses identity card photos for quick user verification. Typically, these photos are intended for temporary use. However, the exposure of 17 million MyKad images clearly indicates a significant security failure.

Nacsa has assured the public that the matter is being taken seriously and emphasised that the agency is fully committed to safeguarding national cybersecurity. Meanwhile, the agency is currently working diligently to verify the authenticity of the claims and, at the same time, assess the full extent of the potential compromise.

In the meantime, Nacsa has urged the public to remain calm and avoid spreading unverified information. The agency advises individuals to exercise caution, monitor their bank accounts and credit reports, and be wary of unsolicited communications. Strong password practices and avoiding suspicious links or attachments are also recommended as precautionary measures.

Source

Leave a Reply

Verified by MonsterInsights