KUALA LUMPUR: A website which allegedly contained personal data of Malaysian citizens was taken down by the authorities hours after it was discovered last Sunday (June 12).
Communications and Multimedia Minister Tan Sri Annuar Musa said the website was taken down at 6.30pm, after a restriction instruction on the website was issued to Internet service providers (ISPs) to prevent data transactions on the site.
He said that shortly after the site's existence was established, an immediate review and investigation was carried out by the Personal Data Protection Department (JPDP), the Malaysian Communications and Multimedia Department (MCMC) and CyberSecurity Malaysia (CSM).
"A restriction instruction was then imposed on the website before it was taken down the same day.
"At the same time, further integrated in-depth investigations are being conducted by the National Cyber Security Agency (NACSA), JPDP, MCMC, CSM, the police and Bank Negara Malaysia," he said in a statement today.
Annuar said the ministry, through JPDP, MCMC and CSM, will continue to monitor and regulate the processing of personal data in commercial transactions to ensure compliance with the principles of the Personal Data Protection Act 2010 (Act 709).
"The security of personal data belonging to the federal government and state governments will be ensured by the relevant government agencies and NACSA," he said.
He said the federal and state governments are advised to apply the seven principles of personal data protection under Act 709 as guidelines to uphold the security of people's data.
Under Section 130 of the Act, the unlawful collection, disclosure or sale of personal data is punishable with a fine of RM500,000 or imprisonment of up to three years or both.
Annuar said cooperation from all parties is crucial in efforts to curb cases of leakage, misuse or sale of personal data by irresponsible parties.
The alleged data breach was highlighted by a social media user on Sunday. The user, who went by the handle @Radz1112 had claimed that the site enabled anyone, using a name and birth year, to search and verify if a person was working with the police or military.
The user had also claimed that information related to the MySejahtera application could also be retrieved via the site, albeit with payment.
Cyber security experts later told the New Straits Times that such information could be used to the advantage of scammers and other cyber criminals.