Online payment gateway iPay88 has revealed that a cybersecurity incident took place earlier this year, where its users' card details may have been compromised
In a statement on Thursday, 11 August, iPay88 said it immediately initiated an investigation upon discovery of the issue on 31 May, and utilised cybersecurity experts to contain the breach.
"The containment process was successfully completed and no further suspicious activity has been detected since 20 July," it said.
The company added that an investigation is still currently ongoing, and they are working closely with the authorities and other relevant parties regarding the security violation.
"To ensure the continued safety of the card data, we have implemented various new measures to strengthen the system's security against any further incidents," they assured, adding that more information of the breach will be shared in due time.
The Association of Banks in Malaysia (ABM) has also assured cardholders that in light of the breach, cardholders can continue to use their bank cards as normal
ABM, however, reminded card users to closely monitor their bank statements and transaction alerts.
"In the event cardholders detect any unauthorised transactions, they should immediately contact their bank for assistance," it said in a joint statement with the Association of Islamic Banking and Financial Institutions Malaysia (AIBIM).
The two associations added that banks have taken additional countermeasures to safeguard their users, including real-time fraud monitoring to detect unusual and fraudulent card use behaviour and dual-factor authentication to prevent unauthorised transactions.
Meanwhile, Lembah Pantai member of parliament (MP) Fahmi Fadzil has questioned why iPay88 took two months to reveal the cybersecurity breach
In a statement on Facebook today, 12 August, he questioned why the company only announced the incident yesterday, and without providing complete details about the amount of personal data or victims affected.
"This is very unsatisfactory, iPay88 should explain when exactly the company detects a data breach or theft; why it did not make an earlier announcement; and why it did not inform affected victims."
He also called out ABM and AIBIM for managing the issue half-heartedly, and asked them instead to proactively help and compensate victims of personal data theft, who may become victims of scams.
The Lembah Pantai MP finally called on the government to set up a Royal Commission of Inquiry to investigate the data breaches over the last five years thoroughly and to strengthen the country's cybersecurity.
The number of cybersecurity attacks and scam cases has been increasing over the years: