by AZALEA AZUAR / pic by TMR FILE
THE International Trade and Industry Ministry (MITI) must explain the recent Public-Private Covid-19 Industrial Immunisation Programme (Pikas) data leak on its website.
Bangi MP and DAP spokesperson for international trade and industry Dr Ong Kian Ming (picture) said the ministry should also explain what needs to be done to protect the security of other data including the Covid-19 Intelligent Management System (CIMS) 3.0 database.
On May 31, cyber security and IT expert Dr Suresh Ramasamy revealed in his LinkedIn post that more than 2,000 Excel files can be downloaded directly from MITI’s website.
These files contain personal information of company employees — possibly more than 1.7 million based on the number of employees who signed up for the Pikas vaccination programme under their companies.
“MITI must come out with a statement to explain to the public as to why this data breach took place.
“MITI should also reach out to the companies whose employee data was listed in the Excel files that were publicly accessible so that they can be on alert if their personal data is being used by others,” he said in a statement today.
Suresh also commented on MITI’s CIMS problems which were used by companies to obtain their letter to operate during the various Movement Control Orders.
Ong hoped that the ministry can explain whether it was an error made by Malaysia Automotive, Robotics and IoT Institute’s (MARii) IT department, which is in charge of developing and maintaining the CIMS including the latest CIMS 3.0 version.
“MITI must also explain on whether these IT breaches, possibly involving MARii, is due to the lack of leadership at this agency, especially after the removal of its CEO Datuk Madani Sahari who was arrested and remanded by the Malaysian Anti-Corruption Commission, along with eight others, in March 2022, over a project worth RM85 million.
“As one of the frontline ministries in dealing with industries and companies, many of which operate at the international level, MITI must be fully transparent and present a full public explanation on this data breach so that it can continue to command the confidence of its stakeholders,” Ong added.