Massive Data Leak by JPN, Information of 4 Million Malaysians, Aged 23 to 42, Listed for Sale

This is a serious data leak incident as it involves almost 4 million Malaysians!

Recently, a database that is believed to have belonged to the National Registration Department (JPN) had been put on sale at a well-known database marketplace form.

The database that was on sale includes important information such as full names, NRIC numbers, mailing and permanent addresses, mobile numbers, and e-mail addresses and it involves over 4 million Malaysians.

Meanwhile, it is said that the database contains data of Malaysians born between 1979 and 1998.

According to Low Yat, the seller claimed that the database was obtained from the Inland Revenue Board’s (LHDN) website through an application programming interface (API) that is made for myIDENTITY.

The myIDENTITY is essentially a national data sharing platform for the public sector, where it allows government agencies to obtain one’s personal details from a centralised repository.

The centralised database of personal details was shared by 10 agencies across the government, including both JPN and LHDN.

The incident was first highlighted by a local Intrusion Analyst, Adnan Shukor, where he said that the 31.8GB file that made up the database is currently on sale on a marketplace forum by a seller who has done this twice before.

This is not the first time this particular seller has put up a database from Malaysian organisations for sale at the marketplace forum too. Back in February, the same seller had listed a database that is said to have come from the local e-commerce platform Ifmal and the Election Commission of Malaysia (SPR).

4 juta data peribadi rakyat Malaysia diiklan untuk jualan. Dikatakan data dari API myIDENTITY pic.twitter.com/UboJAwPlnC

— Adnan (xanda) Mohd Shukor (@xanda) September 27, 2021

However, the seller had not put a price tag on the previous 2 listings. As for the database from JPN, the seller had put a price tag of 0.2 BTC, which is equivalent to around RM35,000 at the time of writing

Nonetheless, the authenticity of the database has not been verified and both JPN and LHDN have yet to comment on the matter.

What do you think about this? Share your thoughts!