NRD to review protocol to curb leaks
PUTRAJAYA: The protocol for agencies to obtain information from the National Registration Department will be reviewed, following an alleged data leak purportedly stolen from the department, says Datuk Seri Hamzah Zainudin.
However, the Home Minister said the alleged leak containing information of 22.5 million Malaysians was not from the department.
“Previously, there was a similar allegation, but we managed to prove the leak was not from the department.
“Our investigation showed that it (leak) was from several agencies which we had given some leeway to obtain information from us (NRD).
“So, we plan to review the standard operating procedure to obtain information from the NRD,” he said at the Home Ministry’s Hari Raya Aidilfitri open house.
Meanwhile, Hamzah said investigations are underway to ascertain whether there was any truth in the latest leak allegation.
NRD director-general Datuk Ruslin Jusoh said the department lodged a police report yesterday.
“While we let the police investigate the claim, the department will also carry out an internal probe,” he said.
The country’s data security is in the spotlight again following claims that information of 22.5 million Malaysians born between 1940 and 2004, was stolen from the NRD.
Local tech portal Amanz reported that the database, 160GB in size, is being sold for US$10,000 (RM43,950) on the dark web.
In the screenshot shared by the portal, the seller claimed that this was an expanded database compared to the one he sold in September last year, which was only up to 1998.
In both incidents, it was claimed that the data was syphoned from the NRD through the Myidentity API.
Myidentity is a centralised data-sharing platform that is used by various government agencies.