The Bukit Aman Commercial Criminal Investigation Department Director, Datuk Mohd Kamarudin Md Din at a news conference on the success of toppling the Fly by Night syndicate that is involved in the vehicle spare parts scam at the Jinjang Police Station in Kuala Lumpur. PIX: HAZROL ZAINAL / MalaysiaGazette / 28 SEPTEMBER 2021 JPN IRB data leak break 4 million Malaysians lowyat.net
Pengarah JSJK Bukit Aman, komisioner Datuk Mohd Kamarudin Md Din. Foto HAZROL ZAINAL, 28 SEPTEMBER 2021.

By Kumara Sabapatty

KUALA LUMPUR – The police have opened an investigation paper on the personal data leak by the National Registration Department (JPN).

The Bukit Aman Criminal Investigation Department Director, Datuk Kamarudin Mat Din said that a police report was lodged by the Deputy Director of JPN at the Precinct 7 Police Station in Putrajaya on 27 September.

However, he did not reject the possibility of insiders’ involvement in the data leak and sales incident, as circulated in the social media recently.

“For your information, we have received a police report from JPN and we have opened the investigation paper today under Section 420 of the Penal Code, Section 4(1) of the Computer Crimes Act 1997 to further investigation on the issue and to verify if the data was hacked.

“We will investigate into the JPN and Inland Revenue Board (IRB) system to identify if there is a data breach,” he said during a news conference at the Jinjang Police Station today.

On a relevant development, Kamarudin said that the police is getting the report from the JPN Information Technology Department, and will hold a discussion to seek the source of data leak and it will be studied from all aspects.

He will create is own team to investigate the cyber crime involving the personal data from JPN and it will involve the cooperation from every party, including the National Cyber Security Agency (NACSA) and the Malaysian Communications and Multimedia Commission (MCMC).

“We will take early actions in blocking the sales of personal data from happening to avoid the situation from becoming worse.

“At the same time, the cooperation from NACSA is needed by the CCID so that we can seek a solution to identify the best system to strengthen database control to avoid them from being hacked.

“Therefore, we have yet to identify the preliminary suspect in this case, and the investigation will take some time. We will begin our investigation, and anyone could be a suspect. We cannot deny the involvement of insiders,” he said.

Earlier, a digital discussion forum, lowyat.net shared that the JPN database of 4 million Malaysians is listed for sales at around RM35,500 in a renowned database market forum. The database contains personal data of four million Malaysians born between 1975 and 1998.

The seller also alleged that the data was obtained from the IRB website through the Application Programming Interfaces (API) created for the myIdentity system. -MalaysiaGazette