KUALA LUMPUR: All government agencies involved in the collection of personal data should immediately institute data security measures to prevent any further data breaches for such official databases.
Malaysian Digital Economy Consumer Association secretary-general Muhammad Sha'ani Abdullah said incidents of such data breaches involving government agencies should also be investigated by the Public Services Department, and the head of department should be taken to task.
“Repeated incidences by government agencies that collate massive personal data make the Personal Data Protection Act 2010 that only covers private entities meaningless,” Sha’ani said in a statement today.
He was commenting on a report by the Lowyat.net website that the personal details of over 220,000 organ donors and their next-of-kin (NOK) had been leaked online.
The website said the leaked data contains MyKad numbers, home addresses and telephone numbers of the pledgers and their next-of-kin.
“We can confirm, that files containing complete details of pledged organ donors had been leaked online as early as September 2016. The data contained in the file is updated up to Aug 31, 2016, and contains the following details of organ pledgers.
“The leaked data contains sign-up data from Government Hospitals as well as National Transplant Resource Centers across the country – which would mean that it has been retrieved from a central database,” Lowyat.net said.
It added that the files were dumped on Aug 19 and uploaded to a popular file-sharing service on Sept 29 the same year.
“The data dump is divided into files, by year of sign up – from 1997 till 2016, however, for reasons we are not able to ascertain, all data from 1997 to 2008 is filled with auto generated dummy data, rendering them useless.
“The data dump from January 2009 to August 2016 however contains complete personal details of around 220,000 individuals who have signed up as organ donors, as well as personal details of their next-of-kin.
“Aside from the personal details of all pledged organ donors, the dump also includes yearly breakdown of demographic data of all organ pledgers, broken down by sex, race, state of origin, types of organs as well as age group,” it explained.
It pointed out that aside from the usual risks associated with data breaches, the presence of relationship data between two individuals also increases the risks of malicious social engineering attacks against the victims.
Lowyat.net said the latest leak contains one very serious implication, in that it reveals personal information of a nominated next of kin.
“This doubles up the actual number of records leaked to 440,000, and also links two individuals to each other in a binding relationship – whether it may be husband/wife, siblings or parental.”
Lowyat.net said it had already alerted the Department of Personal Data Protection to the alleged data leak before it published the report.