E-Pay Gateway iPay88 Reveals Its Security Breach May Have Compromised Users' Card Details

Follow us on Instagram, TikTok, and Telegram for the latest stories and breaking news.

In a statement on Thursday, 11 August, iPay88 said it immediately initiated an investigation upon discovery of the issue on 31 May, and utilised cybersecurity experts to contain the breach.

"The containment process was successfully completed and no further suspicious activity has been detected since 20 July," it said.

The company added that an investigation is still currently ongoing, and they are working closely with the authorities and other relevant parties regarding the security violation.

"To ensure the continued safety of the card data, we have implemented various new measures to strengthen the system's security against any further incidents," they assured, adding that more information of the breach will be shared in due time.

ABM, however, reminded card users to closely monitor their bank statements and transaction alerts.

"In the event cardholders detect any unauthorised transactions, they should immediately contact their bank for assistance," it said in a joint statement with the Association of Islamic Banking and Financial Institutions Malaysia (AIBIM).

The two associations added that banks have taken additional countermeasures to safeguard their users, including real-time fraud monitoring to detect unusual and fraudulent card use behaviour and dual-factor authentication to prevent unauthorised transactions.

In a statement on Facebook today, 12 August, he questioned why the company only announced the incident yesterday, and without providing complete details about the amount of personal data or victims affected.

"This is very unsatisfactory, iPay88 should explain when exactly the company detects a data breach or theft; why it did not make an earlier announcement; and why it did not inform affected victims."

He also called out ABM and AIBIM for managing the issue half-heartedly, and asked them instead to proactively help and compensate victims of personal data theft, who may become victims of scams.

The Lembah Pantai MP finally called on the government to set up a Royal Commission of Inquiry to investigate the data breaches over the last five years thoroughly and to strengthen the country's cybersecurity.