More Than 4 Million Malaysians JPN Data Marketed Online

The dataset contains important contact information, such as home and cell phone numbers, along with the MyKads system.

More Than 4 Million Malaysians JPN Data Marketed Online
More Than 4 Million Malaysians JPN Data Marketed Online | Image credits: The Rakyat Post

According to a claim made by an IT specialist on Twitter, the personal data of millions of Malaysians aged 23 to 43 held by the National Registration Department (JPN) was put up for sale online for around RM35,000.

Adnan Shukor also shared a screenshot showing the vendor providing 4 million people's data from the Inland Revenue Board, which had been leaked through a hack (LHDN) (LHDN).

In addition to the tax agency, there are ten other government agencies using a platform called myIDENTITY to share JPN data. According to MalaysiaNow, the accusations are now being investigated.

These people's addresses, phone numbers, and photographs, as well as their race, religion, and MyKad identification number may be found in a total of 32GB of data scattered across 19 files. The information is accessible for 0.2 bitcoin, or roughly RM35,000 at today's market pricing. The seller has previously offered personal data for sale, according to a post on the popular technology forum Lowyat.net.

According to the investigation, the same seller had previously sold a database that he said had been stolen from the United States Election Assistance Commission (EEAC).

About a decade ago, the government-backed myIDENTITY platform was designed to make it easier for Malaysians and permanent residents to share data. As well as allowing JPN and LHDN, the platform also allows the immigration and road transportation ministries as well as the Election Commission and Education Service Commission to access data as well as the Social Welfare Department and Labor Department of Peninsular Malaysia.

Despite the 2013 Personal Data Protection Act, personal data leaks continue

Because of the technology, filling out online applications for government agencies is now quicker and easier for Malaysians. Personal data leaks continue to occur despite the Personal Data Protection Act of 2013 being in place.

For example, in 2017, a significant data breach revealed the personal information of over 46 million users to major mobile telecom providers, including their phone numbers and address. This information was then published on the dark web. In the interim, in March, another big data breach exposed the personal information of hundreds of thousands of people in Malaysia, Singapore, the Philippines, Vietnam, Indonesia, and Thailand, as well as other countries across the world.