KUALA LUMPUR: Communications and digital minister Fahmi Fadzil says his ministry is getting information on the reported data breaches involving the Social Security Organisation (Socso).
He said his ministry is getting the information from CyberSecurity Malaysia (CSM), and he believes that CSM, the National Cyber Security Agency, and the personal data protection department have reached out to Socso over the matter.
“I need to give them some time to investigate the matter and obtain information, because sometimes the data presented on the dark web is old information that has been repackaged and presented as if it is new.
“I will obtain the information, and God willing, my office will issue a statement later,” he said at the Madani government’s first anniversary celebration’s media centre here today.
Fahmi reminded government agencies and corporations that hold, manage and process huge amounts of data to be vigilant and appoint chief information security officers, as well as implement penetration tests.
“Connect with certified cybersecurity companies to identify any vulnerabilities in your cybersecurity systems and prevent unauthorised parties from stealing or infiltrating the data stored in our repositories,” he said.
Earlier today, local IT news site Amanz reported that Socso had been hacked by a group calling itself Rupert_Group, which saw stolen data shared on a forum previously flagged as a platform for such data.
Socso confirmed that its information database and the website had been hacked since Saturday, and the crisis management plan was activated on the same day, with the information and communications technology unit mobilised for system recovery.
It said that in the initial stages, the cyberattack was identified to be aimed at incapacitating the entire Socso infrastructure used for day-to-day operations.
“However, the success of Socso’s ICT unit in regaining control of the system ultimately led the hacker to change tactics, attempting to launch a character assassination attack on Socso’s image.
“Socso would like to assure the public that the intruder’s well-planned efforts will not hinder our services to contributors, employers and the people.
“All benefit payments, compensations, and disability pensions to contributors and their next of kin will continue to be carried out according to the specified periods,” it said.