Annuar Musa: Probe into data breach involving four million Malaysians must be thorough to restore confidence

Personal data protection must be given more attention if Malaysia intends to be among the main digital hubs in Southeast Asia.

Communications and Multimedia Minister Tan Sri Annuar Musa said it was important to build confidence among users and investors.

“One of the most important aspects in building such confidence is to address cybersecurity issues seriously,” Annuar said.

“With the world undergoing digitalisation, there is an urgent need for us to create an ecosystem in which the issue of cybersecurity is of paramount importance.”

He pointed out that Malaysia was ranked fifth by the Global Cybersecurity Index 2020 report, conducted by International Telecommunications Union (ITU), and was among the top 10 countries with the highest commitment to cybersecurity.

“This does not mean that we are not vulnerable to cyber threats. The alleged incident at one of the government agencies, involving personal data leakage, should be an eye-opener.”

Last week, it was alleged that the personal data of four million Malaysians, obtained from the National Registration Department, were being sold online. The shocking allegation comes some three months after Malaysians were stunned to find their names registered as People’s Volunteer Corps (Rela) members without their knowledge or consent.

The Home Ministry had promised to probe the Rela fiasco, but till today, there have not been any updates as to how personal data of Malaysians were surreptitiously uploaded into Rela’s database.

Annuar said it was imperative for his ministry and the Malaysian Communications and Multimedia Commission (MCMC) to study the alleged data leakage by NRD.

“In this case, no stone must be left unturned during investigations, including cyber forensics studies to find out how such leakages happened.

“Even though it might be out of this ministry’s purview, it is imperative that we study this case closely as it is the responsibility of the ministry and agencies such as MCMC and the Department of Personal Data Protection, to know how such leakages happened, so that they can be prevented in the future.”

Annuar also directed MCMC to revisit the MCMC Act, 1998 to ensure that cybersecurity breaches such as personal data leakages could be handled “by force of law, with gravity”.

“I hope a thorough investigation on the alleged leakage by said government agency will be conducted,” he added.