PDRM is investigating JPN data leak via LHDN’s myIDENTITY API
There’s apparently a leaked National Registration Department (JPN) database obtained via the Inland Revenue Board (LHDN), and now the Royal Malaysian Police (PDRM) are on it. The database reportedly contains data on 4 million Malaysians, and it was being sold for 0.2BTC, or approximately RM35 419.
LHDN has denied that the leak happened via the myIDENTITY API that’s available on their website, which the seller claimed was the way he got the leaked data. The API lets government agencies access everyone’s personal data from a centralized repository, and among the agencies with access include JPN and LHDN. The database leaked reportedly contains details like name, email, mobile number, address, gender, IC number, race and religion, coming up to a total of 31.8GB.
PDRM is apparently also trying to block the sale of the database, while investigating the case with the MCMC, CyberSecurity Malaysia and National Cyber Security Agency. PDRM has not ruled out the possibility of this being an insider job. The case is being investigated under Section 4(1) of Computer Crimes Act 1997.
In the meantime, LHDN is reassuring the public that the data in their systems are well protected with verified data security technology. They are also claiming that there was no database leak.
Pokdepinion: I sure hope there was actually no data leak and that this is all a hoax… Not sure what unscrupulous people can do with so much detail on 4 million people.