It appears that there’s another massive data leak incident in the country and this time, the dataset involved the personal information of Malaysian civil servants.
According to Sin Chew Daily, the unidentified organisation that claimed to have identified vulnerabilities within the ePenyata Gaji (the salary data system for Malaysian civil servants) and obtained a significant amount of data from the system.
In a statement, the group said the items obtained the data from ePenyata Gaji is a database in JSON and CSV format which has more than a million rows of identities.
The information obtained is believed to contain the full name, MyKad number, position, department, pay slip number, mobile phone number, and e-mail address of Malaysian civil servants.
Elaborating further, the group claimed that it has extracted almost two million pay slips and tax forms in PDF format with a total file size of 188.75GB.
Meanwhile, Sin Chew reported that it has sighted several screenshots that the group has attached to its statement, which include pay slips of several notable politicians such as Finance Minister Tunku Zafrul, former Deputy Finance Minister Ahmad Zahid Hamidi, and former Speaker of the Dewan Rakyat Mohamad Ariff Md Yusof.
The group also said it sent an email to the Malaysian government on 7 September, to several high-ranking officials including Chief Secretary Mohd Zuki Ali, Chief Security Officer Rahimi Ismail, as well as the Auditor General’s office.
However, as of 12 September, they have yet to receive a response from them. Thus, it now plans to sell the data it has extracted from ePenyata Gaji on several well-known database marketplaces starting from 19 September onwards.
While there isn’t any information available for verification, the recent maintenance activities on the ePenyata Gaji do match the timeline of the event. According to the National Audit Department’s Facebook page, the maintenance took place on 9 and 13 September.
Meanwhile, Communications and Multimedia Minister Tan Sri Annuar Musa said the National Cyber Security Agency (NACSA) had been tasked to investigate the matter and take action.
He added that the Prime Minister’s Department would assist NACSA in the event any government data had been compromised.
“Under NACSA, the matter is being investigated by the agency. JPM (the Prime Minister’s Department) will assist if there is a data breach,” he said, reported NST.
What do you think about this? Share your thoughts!