The National Cyber Security Agency (Nacsa) is investigating claims that personal data from 17 million MyKad holders in Malaysia has been leaked and is being sold on the dark web. In a statement issued to The Star yesterday on 4 December, a spokesperson reassured the public that the matter is being taken seriously and stressed the agency’s commitment to safeguarding national cybersecurity.
“Our experts are investigating the situation thoroughly to verify the authenticity of these claims and assess the extent of any potential compromise,” the agency told the publication. “Nacsa is committed to safeguarding personal data and will take necessary action based on our findings.”
The breach was initially reported by StealthMole, a dark web threat intelligence firm, through a post on X on 3 December. The firm stated that threat actors claim to possess MyKad data for 17 million Malaysians, offering it for sale on the dark web. To substantiate their claims, samples of Malaysian ID cards were allegedly shared publicly on dark web platforms.
It is claimed that data of 17 million Malaysian🇲🇾 citizens' MyKAD has been leaked and is being sold on the dark web. As proof, they have publicly shared samples of Malaysian ID cards on the dark web. This massive data breach raises concerns as it could lead to serious crimes like… pic.twitter.com/MAXn5YUW8T
— Fusion Intelligence Center @ StealthMole (@stealthmole_int) December 3, 2024
The suspected source of the MyKad data leak is a breach of the eKYC (Electronic Know Your Customer) system, which uses identity card photos for quick user verification. While such photos are typically not meant to be stored by online platforms, the exposure of data from 17 million individuals through MyKad images suggests this as the most plausible explanation for the breach.
In response, Nacsa has committed to providing updates as more details emerge. The agency also urged the public to avoid spreading unverified information and to rely solely on official updates from authorities. This approach, they stressed, is crucial to prevent panic and misinformation.
Nacsa further advised the public to take precautionary steps to protect themselves from potential misuse of their personal information. These include regularly monitoring bank accounts and credit reports for suspicious activity, exercising caution with unsolicited communications, avoiding suspicious links or attachments, and adopting strong password practices. The agency adds that investigation into the claims remains ongoing.
(Source: StealthMole, via The Star)
Follow us on Instagram, Facebook, Twitter or Telegram for more updates and breaking news.
