KUALA LUMPUR – Police have initiated investigations into claims that personal data belonging to millions of Malaysians from the National Registration Department (NRD) has been compromised and put up for sale by hackers.
Bukit Aman Commercial Crimes Investigation Department director Datuk Mohd Kamarudin Md Din said investigations were triggered after a report was lodged on the supposed leak.
“Investigations are ongoing to establish the authenticity of the claims that have been made. Police urge the public to refrain from speculating on the issue,” he said in a statement today.
Earlier today, technology news sites reported that a group of hackers claimed to possess the personal details of 22.5 million Malaysians from the NRD’s database.
Information that was supposedly compromised included MyKad numbers, dates of births, home addresses, genders, and registered phone numbers of those born between 1940 and 2004.
The hackers were said to have placed an asking price of US$10,000 (RM43,870) worth in bitcoin, which reports claimed was listed on a “well-known” database marketplace, one not on the dark web.
To entice buyers, the seller posted personal details of Home Minister Datuk Seri Hamzah Zainudin along with the sale listing to “prove” the ownership of the 160GB dataset that even contains photographs used in MyKads.
Tech website SoyaCincau also reported that several weeks earlier, the same seller had claimed to possess the database of 802,259 Malaysians obtained from the Election Commission’s (EC) voter registration page.
These include the “electronic Know Your Customer images of people taking selfies while holding their IC”, a verification method used by the EC, which was listed for US$2,000 (RM8,791) for the 67GB dataset.
Last September, leaked MyIdentity data was being sold online for 0.2 bitcoin (about RM35,000 then) with the seller alleging that the dataset had four million entries obtained from the MyIdentity API through the Inland Revenue Board website. – The Vibes, May 18, 2022
.jpeg)
