Flexi Parking System Breach Exposes Security Gaps in Malaysia’s Public Digital Infrastructure
A cybersecurity breach in Malaysia’s Flexi Parking system has disrupted parking payment services across 64 local authorities nationwide, including the Smart Selangor platform. The incident, reported by Petaling Jaya MP Lee Chean Chung, raises concerns over potential exposure of citizens’ personal data and systemic vulnerabilities in public digital infrastructure.
The breach highlights long-standing security warnings that allegedly went unaddressed, pointing to governance and risk management failures. While the immediate impact includes disrupted parking services, the broader implications involve data privacy risks and financial accountability particularly as users’ sensitive information may have been compromised.
The Selangor Intelligent Parking (SIP) programme, a public-private partnership model, has faced prior scrutiny. Under this arrangement, 50% of parking revenue is diverted to private concessionaires, raising questions about whether local authorities retain adequate oversight of cybersecurity, operational standards, and vendor performance. Critics argue this model undermines public-sector digital resilience, contradicting federal efforts under GovTech to reduce reliance on external vendors and strengthen in-house capabilities.
Lee has demanded full transparency, urging the Selangor government to release a comprehensive investigation report detailing the breach’s cause, scope of data exposure, financial impact, and corrective measures. If no such report is forthcoming, he has called for a public hearing by the Selangor Select Committee on Competency, Accountability, and Transparency (Selcat) to assess weaknesses and restore public trust.
The incident underscores the need for stronger governance in public digital systems, where cybersecurity is not just an IT issue but a matter of public trust and accountability. As citizens increasingly rely on government-linked digital platforms for essential services, the breach serves as a critical reminder of the risks posed by unaddressed vulnerabilities and privatized infrastructure.
Source: https://www.malaysiakini.com/news/778779
LiTS (Leading Innovative Technologies & Systems Sdn Bhd) cybersecurity rating report: https://www.rankiteo.com/company/leadinginnovativetechnologiesandsystems
"id": "LEA1783074649",
"linkid": "leadinginnovativetechnologiesandsystems",
"type": "Breach",
"date": "7/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Users of parking services '
'across 64 local authorities',
'industry': 'Parking and municipal services',
'location': 'Malaysia',
'name': 'Flexi Parking system',
'type': 'Public digital infrastructure'},
{'industry': 'Smart city services',
'location': 'Selangor, Malaysia',
'name': 'Smart Selangor platform',
'type': 'Public digital infrastructure'},
{'industry': 'Parking and municipal services',
'location': 'Selangor, Malaysia',
'name': 'Selangor Intelligent Parking (SIP) programme',
'type': 'Public-private partnership'}],
'data_breach': {'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (citizens’ personal data)',
'type_of_data_compromised': 'Personal data'},
'description': 'A cybersecurity breach in Malaysia’s Flexi Parking system has '
'disrupted parking payment services across 64 local '
'authorities nationwide, including the Smart Selangor '
'platform. The incident raises concerns over potential '
'exposure of citizens’ personal data and systemic '
'vulnerabilities in public digital infrastructure. The breach '
'highlights long-standing security warnings that allegedly '
'went unaddressed, pointing to governance and risk management '
'failures.',
'impact': {'brand_reputation_impact': 'Erosion of public trust in public '
'digital infrastructure',
'data_compromised': 'Citizens’ personal data',
'downtime': 'Disrupted parking payment services',
'identity_theft_risk': 'Potential exposure of citizens’ personal '
'data',
'operational_impact': 'Disrupted parking services across 64 local '
'authorities',
'systems_affected': 'Flexi Parking system, Smart Selangor '
'platform'},
'investigation_status': 'Ongoing (demand for investigation report)',
'lessons_learned': 'The incident underscores the need for stronger governance '
'in public digital systems, where cybersecurity is not '
'just an IT issue but a matter of public trust and '
'accountability. It highlights risks posed by unaddressed '
'vulnerabilities and privatized infrastructure.',
'post_incident_analysis': {'corrective_actions': 'Strengthen governance in '
'public digital systems; '
'reduce reliance on external '
'vendors; enhance in-house '
'cybersecurity capabilities; '
'ensure oversight of '
'cybersecurity and '
'operational standards in '
'public-private '
'partnerships.',
'root_causes': 'Long-standing security warnings '
'allegedly went unaddressed; '
'governance and risk management '
'failures; systemic vulnerabilities '
'in public digital infrastructure; '
'privatized infrastructure model '
'undermining public-sector digital '
'resilience.'},
'recommendations': 'Release a comprehensive investigation report detailing '
'the breach’s cause, scope of data exposure, financial '
'impact, and corrective measures. Conduct a public hearing '
'by the Selangor Select Committee on Competency, '
'Accountability, and Transparency (Selcat) if transparency '
'is not provided.',
'references': [{'source': 'Petaling Jaya MP Lee Chean Chung'}],
'response': {'communication_strategy': 'Demand for full transparency and '
'release of investigation report'},
'stakeholder_advisories': 'Selangor government urged to release investigation '
'report; public hearing called for if transparency '
'is lacking.',
'title': 'Flexi Parking System Breach Exposes Security Gaps in Malaysia’s '
'Public Digital Infrastructure',
'type': 'Data Breach'}