KUALA LUMPUR: A group of hackers identifying themselves as the "grey hat cybersecurity organisation" have claimed they could break into the civil servants' ePenyata Gaji (ePaySlip) system to show that there are loopholes in the system.
Through a statement that was emailed to media before being published by news outlet Sin Chew Daily, hackers also claimed they could access over one million identities through the database that could be accessed via JavaScript Object Notation (JSON) and comma-separated values (CSV).
Among the information that could be accessed include full name, identification number, job position, salary, payslip number, mobile phone number, and email addresses. They could extract nearly two million payslips and tax forms in PDF formats amounting to 188.75 gigabytes.
According to the Sin Chew Daily report, several screenshots of ministers' and politicians' payslips was also attached, including Finance Minister Tengku Datuk Seri Zafrul Tengku Abdul Aziz, Umno president Datuk Seri Dr Ahmad Zahid Hamidi and former Dewan Rakyat speaker Tan Sri Mohamad Ariff Md Yusof.
The hackers also claimed to have been in contact with the government through an email sent to several officials, including the Chief Secretary to the Government Tan Sri Mohd Zuki Ali, director-general of government security department Rahimi Ismail as well as the National Audit Department.
The hackers also mentioned that the government was given a period until Sept 12 to respond to the ePaySlip loopholes revelation but to no avail.
Following that, the group planned to sell the data extracted from the ePaySlip database on several open database markets starting Sept 19.
Meanwhile, KLIA police chief Assistant Commissioner Imran Abd Rahman said a police report on the matter has been received from the National Audit Department and an investigation is being conducted.
Meanwhile, the department, in a statement, said it had recently suspected an intrusion attempt on the system involving civil servants' ePaySlip system.
"The department, however, would like to emphasise that the integrity of our information and data system is still intact and has been strengthened as a precautionary measure.
"We will continue to improve the security of the mechanisms and infrastructure of our services as a continuous effort to strengthen support for civil servants," it said.
It added that it is also working with the authorities to ensure that there will be no repeat of the incident.
"The government will not comprise with any quarters that violate the law," it stated.