KUALA LUMPUR – The government may find itself in hot water if the recent issues involving MySejahtera users are proven to be more than just harmless pranks.
A senior lawyer said the public can take legal action against the government if they can prove that their privacy has indeed been breached, or if there is a chain of causation to show they have suffered damages as a result of the exploits.
In recent days, some users have reported receiving unsolicited emails and one-time password (OTP) messages on behalf of the mobile app, raising concerns about security and data breaches.
The team behind the government-developed app has swiftly moved to allay fears of a possible compromise of personal data, saying these could not be accessed by the malicious scripts used to deliver the OTPs to random phone numbers.
Lawyer M. Visvanathan told The Vibes that the losses and damages suffered can take various forms, including financial ones, if a person is duped by an email claiming to be from MySejahtera seeking personal details or if their banking details are hacked.

“We are now totally reliant on MySejahtera for various reasons, including our vaccination progress, risk status and for contact tracing. And, if the app is not secure or is misused, then the government can be held liable,” he said.
Visvanathan said even if the government is not directly at fault, it can still be held liable for negligence.
“The system is supposed to be foolproof, but today, it has been proven otherwise. So, of course it has to be accountable and can be sued for negligence.
“This is a serious issue, as our personal particulars are in the database. They can be misused and tampered with and may cause serious harm to the general public.”
‘Exercise caution’
Yesterday, The Vibes reported that scores of MySejahtera users were receiving unsolicited emails and OTP messages from the app, with one netizen saying these can be delivered to any random number using certain codes to bypass the app’s programming interface.
The Health Ministry responded, saying the false emails and text messages were the result of misuse of the MySejahtera app’s application programming interface (API), and not due to a database leak.
It also claims that the security aspects of the app are being beefed up to avoid any recurrence of the problems.
Cybersecurity expert Fong Choong Fook said that if it is true that personal data has been compromised, there is not much the public can do besides being extra careful so as not to fall victim to scams.
“It’s like the recent leak of millions of Malaysians’ data; our information is pretty much out there now. We just have to be cautious.
“If anyone calls in the future saying they are from the Health Ministry or MySejahtera seeking personal information, my advice is to hang up and call the main line back. Whenever in doubt, it is better to be safe than sorry,” he said.
On what the government can do to improve MySejahtera’s safety features, Fong said that it should conduct regular penetration testing and security assessments on its mobile app as a preventive measure to find possible loopholes.
“It must also update users regularly on the test results. The key word here is transparency because this concerns every citizen.”
The Vibes has reached out to the Malaysian Communications and Multimedia Commission (MCMC) for comment but has yet to receive any response. – The Vibes, October 21, 2021