
PDRM Is Investigating Alleged Data Leak Involving 4 Million Citizens' Info From JPN & LHDN

The police will not rule out the possibility of an inside job that led to the data leak.


The Royal Malaysia Police (PDRM) has opened an investigation paper on the allegation of a data leak which is said to involve 4 million citizens' private information

It was previously reported that data belonging to the National Registration Department (JPN) was leaked through myIDENTITY's application programming interface (API) on the Inland Revenue Board's (LHDN) website.

Information belonging to four million citizens born between 1979 and 1998 is being sold for about RM35,500.

According to Bernama, Bukit Aman Commercial Crime Investigation Department (CCID) director Datuk Mohd Kamarudin Md Din said the investigation was launched after the JPN deputy director lodged a report at the Presint 7 police station in Putrajaya on Monday, 27 September.

Kamarudin said the police will obtain a report from JPN's information technology division and inspect JPN's and LHDN's systems to determine the source of the alleged leak.


He said the police will investigate the case from all angles, adding that he will not rule out the possibility of an inside job

"We have to determine our course of action. This data belongs to us and if it goes out there, scammers will profit," The Star quoted Kamarudin as saying.

He said the police are taking the matter seriously as the leak could lead to more scams.

The police will conduct a thorough investigation in collaboration with the Communications and Multimedia Commission (MCMC), CyberSecurity, and National Cyber Security Agency (NACSA).

The case is currently being probed under Section 4 (1) of the Computer Crimes Act 1997.


Meanwhile, LHDN refuted the allegation that the data was leaked from its department

In a statement yesterday, 28 September, LHDN said it is only a user of the myIDENTITY system, not the owner.

"An internal investigation was conducted and found no leakage of data and information as alleged," the statement read.

"LHDN is also working with the NRD, NACSA, and National Security Council to look into all possibilities regarding the allegations."

It assured that data stored by the agency is secured and advised members of the public to be careful with viral reports, adding that the allegations could be spread by irresponsible parties to mislead and deceive the public.

The data being sold includes people's names, mobile numbers, permanent addresses, identification numbers, and more.

Earlier this year, Anonymous Malaysia said the government has been irresponsibly allowing data leaks and sales of people's personal information to go on over the past few years.