Personal information is more than just a heap of useless numerals, as it can be exploited by some people (including criminals) to advance their wicked intentions.
Leakage of personal data has become so commonplace nowadays that even civil servants and members of parliament now find themselves victims of breach of confidential data.
The “gray hat” hacker group recently issued a blackmail letter to the Malaysian government, claiming it had gained access to enormous volumes of personal information belonging to civil servants and members of parliament.
The group gave the government up to September 12 to respond or it would make the data available for sale starting from today.
The government’s response is this: the NACSA (National Cyber Security Agency) has been instructed to probe the incident, and will take appropriate action against the hacker group.
Data leak or theft has happened in this country before. Besides vowing to take action against the perpetrators after the leakage has taken place, perhaps the government should take more proactive steps to prevent similar incidents from happening in the future.
The leakage of personal information of some 300,000 students and their parents in 2015 sparked tremendous public furor then. Seven years have since lapsed but has our cybersecurity system improved? Is the confidential information of Malaysians better protected today?
We fear not!
Four major incidents of information leakage/theft have taken place this year alone. In May, it was reported, much to the shock of the nation, that the personal data of 22.5 million Malaysian citizens kept with the national registration department (JPN) and the election commission was breached.
Soon afterward, personal data with PIKAS (public-private partnership immunization program) and CIMS (Covid-19 Intelligent Management System) 3.0 was said to have also been leaked from MITI’s website, while iPay88 online payment gateway also admitted to web security breach that could result in user data being leaked out.
And the latest case is of course the aforementioned breach in the government payroll system.
In the past, personal data leaks were mostly rare and isolated cases, but with similar cases now increasingly common, it is anticipated that more illegal syndicates will specifically target such confidential personal data in the days to come. Relevant government departments and agencies must remain highly alert in fending off their vicious assaults.
What we can’t really understand is why data leakage keeps happening. Do the authorities actually look into the issue seriously enough?
Data leakage is no small matter, and it warrants full government attention.
Where individuals’ rights are concerned, the breach of confidentiality constitutes an infringement of the data owners’ privacy. When we provide our particulars to the authorities, we expect them to shoulder the irrefutable obligation of protecting the integrity of such information and keeping it free from the slightest risk of leakage and abuse.
In this information age infested with online crooks and scammers, information leakage is not just as simple as laying our confidential information bare for public inspection, as the information could be abused by syndicates in their criminal activities.
In the latest incident, the “gray hat” group claimed that it had access to the personal information of large numbers of civil servants, including their positions, salaries, etc., which could be exploited by criminals for their own gains.
Personal information, therefore, is more than just a heap of useless numerals, as it can be exploited by some people (including criminals) to advance their wicked intentions.
It is imperative for the authorities and relevant agencies to come to realize the importance of individuals’ particulars and adopt whatsoever measures necessary to ensure its integrity.
If those in power still fail to see such importance, we can’t count on them to make any changes!
Awareness is only the first step, which must be followed by some workable solutions to comprehensively boost cybersecurity and plug the loophole.
Given the gravity of this issue, the authorities cannot afford to take a passive attitude in tackling it, allowing themselves to start probing an incident only after the breach has taken place. What they must do is to conduct a thorough review and draw up the right plans to deal with the issue.
If those in power continue to take things lightly, we can foresee a whole lot more leaks in future!