by NURUL SUHAIDI / pic by TMR FILE
THE Communications and Multimedia Ministry (K-KOMM) has instructed Internet service providers (ISP) to block a website that allegedly sold Malaysians’ personal data openly on the Internet.
K-KOMM Minister Tan Sri Annuar Musa (picture) said that the ministry is currently investigating an alleged data breach issue regarding an open-source website.
K-KOMM, he said, is working with the Department of Personal Data Protection (JPDP), Malaysian Communications and Multimedia Commission (MCMC) and Cybersecurity Malaysia (CSM) to delve into the website’s content and background.
“An instruction to block the website was issued to the ISP, including restricting the buying and selling of data on the website.
“Steps to take down the website were carried out at around 6.30pm on the same day,” Annuar said in a statement on Tuesday.
K-KOMM is also collaborating with various agencies, including the National Cyber Security Agency (Nacsa), Royal Malaysia Police and Bank Negara Malaysia, in its investigation into the website.
According to media reports, the issue was highlighted by a Twitter user @Radz1112 or Cyber Guardian who noted that the website allowed a person to be searched by details like name, address, phone number, MyKad or military ID or date of birth.
Annuar stressed that K-KOMM through JPDP, is working closely with the MCMC and CSM to continue to monitor and regulate the processing of personal data in commercial transactions to always comply with the principles under the Personal Data Protection Act 2010 [Act 709].
“We are committed to ensuring that personal data belonging to the federal government and the state government are kept secure at all times by relevant government agencies including Nacsa,” he said.
He also advised the federal and state governments to apply the seven Principles of Personal Data Protection, outlined under Act 709 as a guiding principle to ensure that personal data security is always maintained.
Under Section 130, Act 709, an offense in relation to the sales of personal data, is punishable by a fine not exceeding RM500,000 or imprisonment not exceeding three years or both.
“Therefore, cooperation from all parties is very important in efforts to curb cases of leakage and misuse or sale of personal data by irresponsible parties,” Annuar added.