Share This

Showing posts with label The Star Says. Show all posts
Showing posts with label The Star Says. Show all posts

Sunday, 22 May 2022

Act swiftly to prevent data breaches

 


The Most EFFECTIVE WAYS to Prevent a Security Data Breach

 

THE allegation that the personal data of 22.5 million Malaysians born between 1940 and 2004, purportedly from the National Registration Department (NRD), have been stolen and sold on the dark web is a serious concern.

According to local tech portal Amanz, the 160GB database containing information such as a person’s name, identity card number, address, date of birth, gender, race, religion, mobile number, and Base54-based photo, is being sold for US$10,000 (about RM43,885) at a well-known database marketplace forum.

In a screenshot shared by the portal, the seller claimed that the database was an expanded repository from the one he sold in September last year.

In the incident last year, the personal data of four million Malaysians were allegedly leaked from the MyIdentity API (application programming interface) and put up for sale at RM35,419.

MyIdentity is a national data-sharing platform that allows government agencies to access individuals’ details from a centralised repository.

This is not the only government database that has been put on sale this year. Apparently, a couple of weeks earlier, the same seller had posted a database allegedly belonging to 802,259 Malaysian voters, obtained from the Election Commission’s website, on the black market.

And sadly, these are not the only incidences of government database breaches.

While the Home Affairs Ministry has denied that the latest database leak was from NRD, the police, on the other hand, have already started their investigation into the breach.

But whatever the outcome is, with the rising number of cases involving government personal data leaks, the authorities must be held accountable for such breaches.

Heads, especially those given the task of ensuring the safety and security of these public data, must roll.

They must be held accountable for their failure in protecting the people’s interests and in ensuring the safety and security of their private details, which could easily be abused.

The government must also act swiftly to address the weaknesses in their system and reassure Malaysians of a better solution to safeguard data stored by government departments and agencies.

It is a question of public safety.

Scammers could use the stolen data to cheat people of their money, while telemarketers would have a field day making unsolicited calls from the leaked telephone numbers of Malaysians.

To prevent leaked data from being misused, the government, including the police, must work harder to go after scammers, who could use such information to trick victims, especially via the Macau scam.Last year, 1,585 Macau scam cases were reported nationwide, resulting in RM560.8mil in losses. This year, the number has already reached 1,258 cases as at April 19, involving RM65.4mil in losses.

As for telemarketing, the Malaysian Communications and Multimedia Commission (MCMC) must be more vigilant and introduce sterner measures to prevent unsolicited calls.

Actions to stop the scammers and unsolicited calls would restore people’s confidence in government agencies despite the data breach.

Lastly, as the custodian of all Malaysians’ data, the government must also be held accountable for any breach.

Currently, the Personal Data Protection Act 2010 (PDPA) does not apply to the federal and state governments. Instead, it only covers commercial entities.

While proposals to amend the PDPA, including making the government accountable, have been made, the amendments have yet to be tabled in Parliament.

Therefore, lawmakers should seriously consider the urgency of the amendments to make Malaysians’ personal data safer in the public domain, preventing them from falling into the wrong hands for illegal use.

This has to be done quickly to prevent more of such data breaches before it is too late and puts national security at risk. 

Source link.  

 Related:

Hisham: Data leak won't affect national security

'Govt must also be held accountable' | The Star

Public fuming over another likely data leak

CLICK TO ENLARGECLICK TO ENLARGE

PETALING JAYA: The public are outraged over another alleged data leak containing the information of 22.5 million Malaysians born between 1940 and 2004, stolen from the National Registration Department (NRD).

Many are anticipating more scam calls and SMSes as well as fraudulent online transactions to occur over the breach.

Businessman Amirul Asraf, 31, from Wangsa Melawati, said such incidents were the root cause for many the scam calls people are receiving on a daily basis.

“With these data, scammers can convince people that they are calling from the banks, courts, police and authorities. This will make people’s lives harder.

“I read a case where a poor man who obtained assistance from his local assemblyman was cheated after a scammer emptied him out. The assemblyman had to help the victim again as a result.

ALSO READ: ‘Govt must also be held accountable’

“These scammers are heartless. They don’t care if they take a lot or a little or whom they trick, as long as they get the money,” he said.

Software engineer Ahmad Ridzwan, 30, from Bukit Jalil, could only say “Malaysia Boleh” in relation to the leak taking place.

“Not sure what else to comment. This is the worst possible leak because our identifiable data is out in the open and the identity card is the most important one of all,” he said.

Sales executive Shivaendra Gunasegaram, 30, from Petaling Jaya, said smartphones and social media companies already had all data pertaining to the individuals.

As such, all personal information was accessible to many people, he said.

“As long as there are no unauthorised transactions from our bank accounts, I feel that there’s nothing to worry about.

“The advantage of being poor is that they probably won’t target my account because there’s not much in it,” he said jokingly.

Meanwhile, the data leak report continued to create a buzz in online forums and on social media, with many people expressing their unhappiness over the government’s inability to protect vital information from being leaked repeatedly over the years.On Facebook, user Zaidi Rudy said: “Brace yourselves, scam calls are coming in.”

Dennis Ooi said: “Was SOLD mean somebody have to go jail. Any action taken on those responsible. Or tangkap lepas again.”

Wan Meng Lee questioned: “Why the rakyat confidential information can be sold off is it not kept safely omg.”

Abdul Hamid said: “If they know the data being sold, they definitely know who is the seller.”

In the Lowyat forum, user bananjoe said: “Habis go and overhaul the whole new mykad. This is epic ridiculous. Government IT staff doing what ???”

Sycamore said: ”So absurd. But why am I not surprised? Absurdity is the reality.”

Radiowarrior1337 said: “This needs to kena and people head must roll. Tidak apa attitude and biar la dah hack kan so mari lepak minum teh now to discuss what scenario he obtains the data.”

Wednesday, 19 July 2017

Making the corrupt fear whistleblowers, not the other way !

WE ARE so used to seeing the Malaysian Anti-Corruption Commission (MACC) on the frontlines in the war against corruption that we often forget the importance of whistleblowers. 


Graft-busters cannot be expected to single- handedly detect cases of corruption and abuse of  power because this requires surveillance capabilities that are impossibly expensive and intrusive. Instead, they typically rely on people channelling quality information on alleged offences so that the investigations can start.

Federal Land Development Authority chairman Tan Sri Shahrir Abdul Samad reminded us about this when he warned Felda employees, including its top management, that there were whistleblowers within the organisation who would report wrongdoing. - (Check: Shahrir backs Felda staff who expose wrongdoings)

Commenting on the MACC’s raid on Monday on Felda Investment Corporation Sdn Bhd over the purchase of a London hotel, Shahrir welcomed the probe as a “good development” and said he believed that the new leads received by the commission came from whistleblowers.

“I want to assure those who expose the corrupt practices within Felda that they will be protected,” Shahrir added.

That is an important message. People are reluctant to volunteer information on corrupt practices mainly because they believe there would be reprisals if it was made known to others that they had blown the whistle.

Employees worry about being treated poorly by bosses and colleagues. Businessmen risk losing customers and deals. And sometimes, the stakes are so high that a whistleblower may even have reason to fear for his life.

People need to be convinced that there is a better alternative to saying nothing about corrupt practices. First and foremost, a whistleblower wants to be sure that if he so chooses, his identity will be kept confidential.

This is why the Whistleblower Protection Act 2010 matters a lot.

It is described as an Act “to combat corruption and other wrong­doings”, showing that it has a central role in the fight against corruption. And yet, according to the MACC, few people have asked for protection under the Act.

In 2015, the commission received about 6,300 reports and complaints, but only 16 people sought (and were given) protection under the Act. In fact, between 2011 and 2015, 65 people were given such protection.

In its Annual Report 2015, the MACC said more individuals were writing in to give information on corrupt practices. In addition, the commission received fewer anonymous letters in 2015 than in the year before. The MACC said this showed rising public confidence in supplying information to the commission.

The commission also attributed the trend to its improved transparency in handling information from complainants.

But what about the low number of whistleblowers seeking protection under the Whistleblower Protection Act? Can it be that few people are aware that the Act can shield them from the fallout of whistleblowing?

The authorities should look into this. There has to be more awareness of how the Act works and this should then be used to encourage more people to come forward with information that can help the graft-busters.

The corrupt should be the ones fearing the whistleblowers and not the other way round.  - The Star


 Related Links:


Why FGV should handle whistle blowers with care - Business News

 

Two held over FIC London hotel purchase - Nation | The Star Online


Related posts:

The Malaysian Anti-Corruption Commission (MACC) needs strong finishing 

 

Mereka Rasuah Kita Bayar! 3J drive: Jangan Kawtim, Jangan Hulur, Jangan Settle!

 

MACC starts probe on Felda Global Ventures Holdings Bhd (FGV) 

 

Time to take fight against graft to the top, say group 

 

More big corrupt officials nabbed: Datuk among those busted for graft & mismanagement