GEORGE TOWN: "What is the government planning to do to stem the data breach and what immediate steps can be taken to secure the data of millions of Malaysians?"
This is the poser raised by Gerakan following reports on weak spots in Malaysia's cybersecurity system.
Gerakan national vice-president Datuk Baljit Singh said it was something Malaysians should not be proud of.
He said Health Minister Khairy Jamaluddin had given his assurance just recently that personal data captured on the MySejahtera contact tracing app was secure and had not been compromised.
"This statement is beginning to look very weak now that bigger breaches of data are coming to light.
"How can we be sure that our personal data from apps like MySejahtera and other lists are not being mined?
"Is the government waiting for class action to be taken against it for not protecting the personal data of its citizens before it does anything concrete?
"Perhaps the time has come to review the Personal Data Protection Act 2010, which is supposed to regulate the processing of personal data for commercial transactions," he said.
Baljit said it appeared that the penalty for non-compliance of between RM100,000 to RM500,000 and/or between one to three years imprisonment were very small prices to pay for such a serious violation.
He added that it was bad enough that every Malaysian or foreigner with a local SIM card in this countryhad been getting unsolicited calls, SMS and WhatsApp messages on a daily basis from questionable sources.
"Compounding the situation of concern that our personal data is no longer regarded 'private and confidential', is news involving a local company being investigated for reportedly breaching, violating and infringing client data and confidentiality.
"What legal redress is in place for a consumer upon discovery that their personal data, including bank account details, contents of their wills, and others are being sold to outside companies? he asked.
It was reported recently that concerns had been raised over a possible weak spot in Malaysia's cyber security system, which could potentially grant unscrupulous parties access to the data of millions of Malaysians.
The breach allegedly came in the form of an Open Systems Intelligence (OSINT) tool that was available on the Internet, which in theory would allow those with enough know-how access to people's personal data.
Experts had claimed that while personal data of individuals had previously been available on the 'dark web', making the information easily procured on 'clearnet', or publicly accessible, was a different ball game altogether.
The alleged data breach was highlighted by a social media user who goes by "Cyber Guardian" via the Twitter handle @Radz1112.
The Twitter user had claimed that using the tool, one could verify the data of a person including if he or she was working with the police or military, among others.