KUALA LUMPUR: Another data breach has allegedly occurred in Malaysia, this time involving the personal details of 800,000 voters.
The 67gb data breach is supposedly from the Election Commission database which is now up for "sale" on an online marketplace for a mere US$2,000.
It is understood that CyberSecurity Malaysia is aware of the alleged breach and are investigating the matter.
They are looking at all angles, including first of all whether or not any such breach had occurred.
Yesterday, the lowyat.net website spotted the sale via the marketplace and found alleged personal details such as full names, identification numbers, email addresses, birth dates and home addresses had been revealed.
Their photos, voting centre and all EC information have also been compromised by the seller.
The seller is seeking an amount of US$2,000 (RM9,401) to be paid in Bitcoin or Monero cryptocurrencies for the possession of the full electoral roll and the details of 22 million voters.
It is alleged that the data was illegally obtained from EC's MySPR website, where all details of Malaysians aged 18 and above and eligible to vote are stored.
Efforts to obtain EC's comments have so far been futile but police are currently looking into the claims.
The New Straits Times has also contacted the Malaysian Communications and Multimedia Commission (MCMC) but have yet to get a response regarding the issue.
This latest data breach comes a week before the nation goes to polls on Nov 19, and has raised concerns among Malaysians.
In May this year, online payment service provider ipay88 reported an online payment data breach.
The month before that, there was a larger scale database breach allegedly involving National Registration Department's personal data of 22.5 million citizens ranging from their full names to identification numbers, home addresses, phone numbers and ID photos, which were stolen from government servers and sold on the dark web for just US$10,000.
Then about two months later, Malaysian computer security experts, or "white hat hackers" had apparently discovered a website on the conventional internet that offered access to personal data of Malaysians.
In April's leak, Home Minister Datuk Seri Hamzah Zainuddin claimed that the breach had nothing to do with NRD, and instead pointed to telco companies, financial institutions and other agencies as being the source of the leak.
The issue also sparked anger among many netizens on Twitter today, who questioned the country's cybersecurity system and MCMC's role in safeguarding our cyberspace.