GEORGE TOWN: Over 600,000 “rows of private data” from the Penang government’s official website have allegedly been stolen and uploaded onto the internet.
The data was uploaded to a forum known as BreachForums by a user with the handle “LeakBase” on Jan 18, who said it was available for download.
The claim was first shared on Twitter by @FalconFeedsio, who said LeakBase claimed the data included usernames, passwords, full names, email addresses and security-related keys such as one-time passwords (OTPs).
The Penang state government’s website (www.penang.gov.my) is a one-stop portal which offers over 30 different e-services for the civil service, state assemblymen and the state executive council.
Penang state executive councillor Zairil Khir Johari said that while the leaked data is from an outdated database, the state government was taking a serious view of the matter and would carry out whatever remedies that were necessary.
“We cannot accept any such breach as it exposes vulnerabilities in our system,” he told FMT.
“The state secretary’s office that runs the website has been instructed to carry out an assessment of vulnerability to prevent future breaches.”
Separately, former Penang chief minister Lim Guan Eng said he was shocked to find out about the breach and said an urgent investigation ought to be carried out by the cyber security agencies.
“I will be pushing for answers at the coming Parliament sitting on this,” said the Bagan MP when contacted for comment.
Data breaches have been rampant in Malaysia over the past few years.
The latest notable incident in December saw a Facebook user claim that personal information of nearly 13 million Malaysians had been leaked from Maybank, Astro and the Election Commission’s websites.
Subsequently, Astro said initial investigations found its customers’ information had not been compromised, while Maybank said it had not experienced a data breach.
Cybersecurity firm Surfshark recently revealed that Malaysia had over one million breached users last year, ranking 10th in Asia and 27th in the world with 32 breached users for every 1,000 people.