KUALA LUMPUR, Dec 30 — The Ministry of Communications and Digital (KKD) takes seriously the alleged data leak, via a website on December 25, that allegedly involves Maybank, Astro and the Election Commission (EC).
Its minister Fahmi Fadzil said KKD, through the Personal Data Protection Department (PDPD) in collaboration with CyberSecurity Malaysia (CSM), is seeking feedback from Maybank and Astro on the alleged data leaks to ensure the legitimacy of data ownership.
“At the same time, a preliminary investigation into the Maybank account number information displayed on the website found that the accounts in question were invalid or non-existent because transactions could not be done through the account number.
“The initial investigation also found that there is a possibility the alleged data leak might be in reference to an incident that occurred in 2018. However, official confirmation from the relevant parties is required for the purpose of a detailed investigation under the Personal Data Protection Act 2010 (Act 709),” he said in a statement today.
Fahmi added that the investigation into the EC data leak on the website concerned will be submitted to the National Cyber Security Agency (NACSA) for further action since it is outside the jurisdiction of Act 709.
“A restriction notice has also been submitted to the Malaysian Communications and Multimedia Commission (MCMC) for the purpose of preventing the public from accessing the website. “I would like to remind all data users to always ensure that the level of cyber security is at a good level and always comply with the principles and standards of personal data protection in accordance with Act 709,” he said.
Earlier today, Fahmi shared a post by Facebook user “Pendakwah Teknologi” who claimed that user information of nearly 13 million Malaysians with Maybank, Astro and the EC had been leaked.
According to the Facebook post, a website had listed details of 3.5 million Astro subscribers, 1.8 million Maybank customers, and 7.2 million voters at 7.56pm on December 25.
The leaked information allegedly involved the affected individuals’ login ID, full name, date of birth, address, and identity card number.
Maybank then released a statement saying it is investigating the claim that there had been a data breach involving the bank.
The bank said it is “investigating if these allegations are true since Maybank has not experienced a data breach.”