Lembah Pantai MP calls for RCI, cyber security audit after another data leak from govt agency

·2-min read
Malay Mail
Malay Mail

KUALA LUMPUR, Sept 17 — PKR’s Fahmi Fadzil today pushed the government to set up a Royal Commission of Inquiry (RCI) to look into Malaysia’s cyber security following yet another data leak from a government agency.

The Lembah Pantai MP cited vernacular paper Sin Chew Daily which two days ago reported a breach of the government's online salary system by cybercriminals who might have stolen one million sets of personal data as well as two million salary slips.

“This is the fourth large-scale data theft incident reported for 2022, and it is estimated that over 25 million sets of personal data have been stolen so far this year alone.

“Therefore, I urge the Prime Minister to take this issue very seriously by establishing a Royal Commission of Inquiry to investigate all incidents of personal data theft in Malaysia in the last five years,” Fahmi said on Facebook.

He also urged the prime minister to order an immediate cyber security audit in all ministries to identify existing digital loopholes in which hackers could enter and steal personal information.

Fahmi, who is the Pakatan Harapan communications director, said the prime minister should provide a public explanation on what’s being done to safeguard confidential information online at the next Dewan Rakyat sitting.

He also urged the finance minister and the minister of communications and multimedia to look into setting up a mechanism to punish personal database operators who fail to guarantee the security of data in their operations, as well as a mechanism for compensation or damages for all victims of the crime of personal data theft.

“This is to send a very clear message that any party that handles personal data must be held accountable if the security of the data is compromised, and that those who are victims of data theft must get justice.

“When we realise that three out of four personal data theft incidents this year are believed to involve government agencies, then the government must amend the Personal Data Protection Act 2010 including by not exempting the federal government and state governments from the application of this act,” he said.