MyKad data breach claim: JPN denies leak, cites no suspicious activity

KUALA LUMPUR, Dec 5 — The National Registration Department (NRD) has denied allegations of a data breach involving MyKad information for 17 million Malaysians, asserting that its systems remain secure with no suspicious transactions detected.

In a statement today, NRD said its internal investigations revealed no evidence of data leaks or unauthorised activity within its system.

The department also stressed that no such incidents have ever occurred involving its database.

“To address this matter comprehensively, NRD is collaborating with the National Cyber Security Agency (Nacsa) and the Royal Malaysia Police to facilitate investigations on their end,” it added.

NRD reaffirmed its commitment to safeguarding the security and integrity of Malaysians’ personal data under its care, emphasising that such information remains protected.

The claims of a massive data breach first surfaced on December 3 when dark web threat intelligence firm StealthMole alleged on X (formerly Twitter) that MyKad data belonging to 17 million Malaysians was being offered for sale online.

According to the firm, threat actors had shared samples of Malaysian ID cards on the dark web as proof, raising concerns about potential identity theft and financial fraud.

Yesterday, Nacsa confirmed it was investigating the claims, describing the matter as “serious” and assuring the public of ongoing efforts to verify the authenticity and scale of the alleged breach.

“Nacsa is committed to safeguarding personal data and will take necessary action based on our findings,” a spokesman said in a statement.

The agency also urged Malaysians to remain vigilant, monitor financial accounts for unusual activity, and practise good cyber hygiene, including using strong passwords and avoiding suspicious links or emails.