Authorities probing claim of massive MyKad data leak on dark web

The National Cybersecurity Agency (Nacsa) is investigating claims that data from the MyKads of 17 million Malaysians has been leaked and sold on the dark web.

Nacsa’s experts are attempting to verify the claims and assess the extent of the potential data breach, and they are treating the allegations with utmost seriousness. The Star reported

“Nacsa is dedicated to protecting personal data and will act accordingly depending on our results,” the agency added.

It also advised the public to check their credit records and bank accounts for strange activity and to be cautious of unsolicited correspondence, especially if they get links or attachments from unidentified numbers.

Nacsa also cautioned against disseminating unverified allegations on the subject.

Social media highlighted the issue yesterday when the alleged offenders posted images of MyKads to the dark web to back up their claims.

Gobind Singh Deo, the digital minister, announced that his ministry would look into suggestions to hold the government accountable for personal data leaks involving government institutions.

Gobind reported personal data leaks from various institutions, such as the police, Bank Negara Malaysia, and the Malaysian Communications and Multimedia Commission, through his ministry and the Personal Data Protection Commissioner’s office.

A hacker group exposed personal data like MyKad numbers, salaries, residences, and phone numbers in 2023, therefore compromising the Social Security Organization.

Concurrently, the cybercriminal group RansomHub claimed credit for the purported release of more than 300GB of Prasarana Malaysia Bhd’s confidential data in August and demanded that the public transport operator pay an unspecified ransom.