Gobind: CrowdStrike event not cyberattack but failure of global cybersecurity firm, govt seeking answers from Microsoft  

PUTRAJAYA, July 24 — The massive information technology (IT) outage caused by cybersecurity company CrowdStrike that crippled services worldwide on July 20, including at Terminal 2 of Kuala Lumpur International Airport (KLIA) was not a cyberattack, said Digital Minister Gobind Singh.

Clarifying further, Gobind said the incident was a failure on the part of CrowdStrike and the government was seeking answers from Microsoft.

“When the incident happened, many turned to the government to ask if this was a cyberattack and what they were doing to resolve it,” he said at a press conference at his ministry here.

“That’s why we wanted to have this press conference just to clarify that it’s not a cybersecurity incident and not something that happened because of the government, but because of a weakness in the system.

“This is the reason why I asked for a report, and people now know it was an outage. Moving forward, my ministry wants to assure everyone we have security on the uppermost of our minds. We’ve moved Parliament very quickly since January to bring into force different legislations, for example the Cybersecurity Act and amendments to the PDPA (Personal Data Protection Act).

“We’ve also called the necessary parties involved to explain to us what happened, and we’ve set the lines clearly in respect of what we expect of them — the highest of standards — make sure these incidents don’t happen again and if it does (we must have) a response plan to deal with incidents like this,” he added,

Gobind said five government agencies were affected during the outage: Ministry of Transport, Education Ministry, Ministry of Rural and Regional development, National Health Institute and Lembaga Zakat Kedah.

No data was stolen during the outage and the agencies involved have returned to normal operations, he said.

Gobind also warned the public against trusting those pretending to reach out to help with Windows operations stemming from issues brought by CrowdStrike.

He said the ministry received reports of people taking advantage of the fallout to phish personal information.

“Many new domains popped up, made by unscrupulous individuals trying to scam, cheat and steal your information. These individuals are conducting phishing activities to steal your info and use it for criminal activities. Please be aware of this and rest assured the government is taking this matter very seriously.

“This incident shows why we urgently need to have better digital platform management systems in place. The digital ministry has taken steps in this direction by introducing and improving on the Cyber Security Act 2024 and the amendments to the PDPA,” he added.

Last Friday, major institutions such as airlines, banks, media channels and hospitals in several countries were reportedly affected by the global IT outage.

The outage was linked to global cybersecurity firm CrowdStrike Holdings Inc, an American cybersecurity technology company based in Austin, Texas, that provides endpoint protection, threat intelligence and cyberattack response services.