Information such as your full name, IC number, phone number and address may have been leaked.
Subscribe to our Telegram channel for the latest stories and updates.
[UPDATE: LHDN says that they are working with JPN, and the National Cyber Security Agency (NACSA) of the National Security Council (MKN), to investigate the matter.
LHDN also denies that the data was obtained from their their website and said in a statement that it is data from an API used by myIDENTITY which is under JPN’s supervision.]
Important information such as full names, NRIC numbers, mailing and permanent addresses, mobile numbers, and e-mail addresses of an estimated 4 million Malaysians are said to be on sale thanks to a data leak.
The database is said to have belonged to the National Registration Department (JPN) and was obtained from the Inland Revenue Board’s (LHDN) website through an application programming interface (API), reported Low Yat.
It is said to contain data of Malaysians born between 1979 and 1998.
The API was meant for the national data-sharing platform, myIDENTITY that was launched nine years ago. It is a centralised database of personal details shared by 10 agencies across the government.
Local Intrusion Analyst, Adnan Shukor pointed out that the 31.8GB file that made up the database is currently on sale on a marketplace forum by a seller who has done this twice before.
4 juta data peribadi rakyat Malaysia diiklan untuk jualan. Dikatakan data dari API myIDENTITY pic.twitter.com/UboJAwPlnC— Adnan (xanda) Mohd Shukor (@xanda) September 27, 2021
Previously the seller listed databases that are said to have come from the local e-commerce platform Ifmal and the Election Commission of Malaysia (SPR).
Unlike previous listings, the seller put a price tag of 0.2 Bitcoins (BTC) or approximately RM35,500.
All that said, the authenticity of the database has not been verified, and as of yet, neither JPN nor LHDN have commented on the matter.