KUALA LUMPUR, Aug 12 — PKR information chief Fahmi Fadzil has today called for a royal commission of inquiry (RCI) to probe incidents of data breach and leaks that have occurred over the past five years, after claiming more than 100 million personal data have been stolen in the same period.
Citing the recent and shocking cybersecurity breach which took place around May this year that was revealed by e-payment provider iPay88, the Lembah Pantai MP said security of Malaysians' personal data must be respected and protected at all times.
"I urge the government to form an RCI to probe all incidents of personal data breaches, theft and leaks that have occurred over the past five years.
"(I also urge Putrajaya) to identify holistic measures to strengthen the nation’s cybersecurity and ensure justice for victims of personal data theft, including those who fall prey to scammers,” he said in a statement.
Recently, iPay88 confirmed it had experienced a cybersecurity breach that may have compromised the card data of users more than two months ago.
The e-commerce firm said an investigation was initiated on May 31 and was ongoing while cybersecurity experts had been roped in to mitigate the issue, with "no further suspicious activity detected since July 20”.
Following the cybersecurity breach, the communications and multimedia ministry’s personal data protection department has also begun a probe into the matter.
Taking the company to task, Fahmi said it was very unsatisfactory for iPay88 to only reveal the breach several months after its occurrence, adding that the company should have immediately notified those affected at first light upon detection.
He also reiterated his call for the Personal Data Protection Act to be amended urgently to require parties like iPay88 to immediately notify users and the authorities over any data breaches.
"If iPay88 is serious and sincere in addressing the cybersecurity matter, they should provide financial compensation to all victims," Fahmi added.
Last but not least, Fahmi also said he felt compelled to reprimand the Association of Banks in Malaysia (ABM) and the Association of Islamic Banking and Financial Institutions Malaysia (AIBIM) for not doing enough in assisting victims of iPay88's data theft.
He accused the associations for issuing 'afterthought' statements after the latter had assured cardholders of the extra precautionary measures taken by financial institutions in handling the breach.
"Financial institutions and bodies like ABM, AIBIM and others need to be the main mover in recommending compensation mechanisms, including financial compensation to victims,” he said.