It looks like another Malaysian agency may have suffered a security breach, and this time it’s the Social Security Organisation (Socso / PERKESO). A hacker claiming to represent one Rupert_group has posted on the online hacker hangout BreachForums. As part of the claim, the hacker group says that the lax security has resulted “in the compromise of your personal information”.
The post first appeared in the forums on 5 December, with the claim of more samples, likely referring to more personal data, will be released “within the next 72 hours”. Part of the disclosed leaked personal information include names with physical and email addresses, as well as phone numbers, tied to them. Other details are also sprinkled in, including payment methods, and even the retired military status of some.
Two days after the initial post, the hacker also shared a YouTube link seemingly of a meeting involving Socso management discussing the breach. Which reinforces the veracity of the claim that the agency has indeed been compromised. The Star reports that a Socso representative says that “we are aware and will be releasing a full statement”.
Update: Via its X, formerly Twitter account, Socso has issued a statement addressing the breach, which makes a number of claims in addition to simply the data leak. The first of which is that the agency’s website was first attacked last Saturday.
SIARAN MEDIA
SISTEM, LAMAN SESAWANG PERKESO DIGODAM
ALERT: OPERASI HARIAN TIDAK TERJEJASPERKESO itu Prihatin, Prihatin itu PERKESO.#PERKESOPrihatin #ancamansiber pic.twitter.com/94wy9l2I0f
— PERKESO Official (@PERKESOofficial) December 8, 2023
The agency goes on to say that the hackers’ first attack intended to cripple the Socso infrastructure used in its daily operations. When the attempt was thwarted, the claim is that the hackers changed gears and went for character assassination of the agency instead.
And finally, on the leaked personal data, Socso claims that the veracity of the stolen data is questionable, incomplete and out of date. The agency claims to have never seen one of the data clusters since its inception in 1971. You can read the statement, embedded above, for yourself if you so choose.
Follow us on Instagram, Facebook, Twitter or Telegram for more updates and breaking news.
