IRB denies claim of database sale

The agency guarantees that all data and information stored under the system is safe and protected by verified data security technology

by ASILA JALIL / pic by BERNAMA

THE Inland Revenue Board (IRB) denies reports of a personal information database involving four million Malaysians belonging to the National Registration Department (NRD) which was reportedly listed for sale at a database marketplace forum.

The government agency said internal investigations showed that there had been no data and information leak as claimed by an online portal.

“The IRB would like to deny a report made by an online portal which claimed four million data was leaked, obtained from IRB’s website via Application Programming Interface (API) made for MyIdentity, which is under the supervision of the NRD.

“IRB is working with the NRD and National Cyber Security Agency, National Security Council to study all of the possibilities concerning the claims.

“The IRB guarantees that all data and information stored under the system is safe and protected by verified data security technology,” it said in a statement yesterday.

Tech website lowyat.net yesterday reported that the NRD database had been put up for sale on a marketplace forum for 0.2 bitcoin or around RM35,000.

It said the seller on the marketplace claimed that it held almost four million information of Malaysian citizens that was obtained from the IRB through MyIdentity API.

MyIdentity is a platform that allows citizens and permanent residents to access personal information and update contact information when dealing with government agencies online.

Its pilot project began on June 14, 2012, in 10 government agencies namely the NRD, IRB, Malaysian Immigration Department, Road Transportation Department, Election Commission, Education Service Commission, Social Welfare Department, Labour Department of Peninsular Malaysia, National Higher Education Fund Corp and Royal Malaysian Police.

On its role with regards to the MyIdentity platform, IRB explained that it was only a user of the system and did not have any ownership of it.

“IRB deeply regrets the report and allegations as it could affect the public’s confidence, especially taxpayers’ concerns towards the safety of their data and information.

“We also would like to advise everyone to be more careful with the matters that have gone viral such as this issue and not to rule out the possibility that it was done by those who want to mislead and deceive the public,” it added.

According to the report, the seller claimed the total data available equalled 31.8 gigabytes and is grouped by birth year from 1979 up to 1998.

Other information available in the alleged database included name, mobile number, permanent address, gender, IC information, photo, race and religion.

NRD DG Datuk Ruslin Jusoh told Sinar Harian that his department had received a report of the sale but he refused to disclose further details on the matter.

In February, the same seller claimed to have a hold of 10 million Malaysian voter databases.

The seller claimed the database was grouped according to individual birth years from 1950 until 1996.

In June, several people had claimed that the People’s Volunteer Corp (Rela) had used their personal details for automatic registration as its volunteers.

Rela had denied the claims and stated that automatic registration without an individual’s consent is against Section 6(1) of the Personal Data Protection Act 2010.