4 Million Malaysians, Aged 23-42, Might Have Their NRIC Numbers Up For Sale Online
The data of Malaysians born between 1979 and 1998 are said to be on sale, thanks to a data leak.
As reported by The Rakyat Post, a database supposedly owned by the National Registration Department (JPN) has been put up for sale on a well known database marketplace forum.
The seller claimed that it contained four million data that was obtained from the Inland Revenue Board’s (LHDN) website through API that is made for myIDENTITY.
The data consists of full names, NRIC numbers, mailing and permanent addresses, mobile numbers, and email addresses, as well as images present in the database that groups according to birth year.
4 juta data peribadi rakyat Malaysia diiklan untuk jualan. Dikatakan data dari API myIDENTITY pic.twitter.com/UboJAwPlnC
— Adnan (xanda) Mohd Shukor (@xanda) September 27, 2021
myIDENTITY allows citizens and permanent residents to access personal information and to update contact information when dealing online with government agencies.
10 agencies including both JPN and LHDN are currently linked to the platform which first went live in June 2012.
It was created with the initiative to transform the delivery of government services to a more strategic, effective and efficient system.
Government agencies can access, update and share customers’ personal information through a centralised repository.
Local Intrusion Analyst, Adnan Shukor pointed out that the sale was put up by a seller who has done this twice before.
Data Angkatan Tentera Malaysia diiklan untuk jualan. Sumber ketirisan belum dikenalpasti pic.twitter.com/HfIBKuXQil
— Adnan (xanda) Mohd Shukor (@xanda) September 27, 2021
This time the seller priced the sale at 0.2 Bitcoins, coming to an estimate value of RM35,500.
JPN director-general Ruslin Jusoh told Sinar Harian that his department had received a report on the matter, but refused to disclose further details.
“We will inform (the media) at another time,” he said.
Regardless of its authenticity, the listing is something that authorities should investigate urgently to protect the personal data of millions, as well as the integrity of myIDENTITY platform.