22.5 million Malaysians' personal data leaked online

Following a recent report that personal data belonging to 22.5 million Malaysians were put up for sale, Malaysia’s Home Affairs Minister Dato Seri Hamzah Zainudin denies that the data came from the National Registration Department (JPN).

He said the Home Affairs ministry will investigate the individuals behind the sale of personal data.

There are no further details at the moment and there’s also no mention of a separate sale of personal data and eKYC photos which allegedly came from the Election Commission’s voter registration site.

To provide proof that the database is legit, the seller even provided sample data belonging to the Home Minister itself. The record contains:

Full name,
Home address,
Date of birth,
Gender,
IC number,
Race,
Religion,
The photo in the IC.

Even if the source is not directly from JPN, the type of data collected is still a huge concern as it can be misused for scams and phishing attacks. At the moment, most Malaysians would have probably received a scam call impersonating officials from Inland Revenue Board, banks, police, and courthouses.

Another massive data breach at the Texas Department of Insurance leaked the sensitive information of almost 2 million Texans for nearly 3 years.