MyDigital ID, MyNIC, Malaysia’s National Security Council and Personal Data Protection Department: Viral data leak claims old incident, unrelated to current platforms

MyDigital ID, MyNIC, Malaysia’s National Security Council and Personal Data Protection Department: Viral data leak claims old incident, unrelated to current platforms

Malaysia Clarifies Data Leak Origins, Reinforces Cybersecurity Measures

Kuala Lumpur, June 21 Malaysia’s National Security Council (NSC) has confirmed that recent claims of a personal data leak circulating on social media stem from cybersecurity incidents reported before 2022, not from any current platform. The data, believed to have been unlawfully obtained through prior cyber intrusions, is now being redistributed without authorization across online platforms.

The National Cyber Security Agency (NACSA) emphasized that sharing or accessing such illegally obtained information regardless of where the service is hosted violates Malaysian law. In response, NACSA, alongside MyNIC and the Personal Data Protection Department, has taken swift action, including collaborating with foreign service providers to block and remove the implicated websites. A digital forensic investigation, led with the Royal Malaysia Police, is underway to identify and prosecute those responsible.

The incident has prompted renewed calls for stronger legislation. The upcoming Cyber Crime Bill, slated for parliamentary review, proposes stricter penalties for cyber offenses, including unauthorized system access, data theft, and identity fraud. Meanwhile, the Cyber Security Act 2024, effective since August 2024, mandates that National Critical Information Infrastructure entities adopt robust protection measures, such as risk assessments and security audits, to bolster national cyber resilience.

Separately, the NSC clarified that MyDigital ID with over 16 million registrations does not store personal data but serves as an identity verification platform, authenticating users directly with the National Registration Department. Its integration across government and private-sector services, including banking and telecommunications, aims to enhance digital transaction security and mitigate identity theft risks.

The government reiterated its commitment to securing Malaysia’s digital transformation, with NACSA and the NSC positioned to address emerging cybersecurity threats.

Source: https://mediaselangor.com/en/2026/06/380585

Personal Information Protection Commission(PIPC), Republic of Korea cybersecurity rating report: https://www.rankiteo.com/company/personal-information-protection-commission-pipc-republic-of-korea

National Cyber Security Agency (NACSA), Malaysia cybersecurity rating report: https://www.rankiteo.com/company/nacsamalaysia

MYNIC Berhad cybersecurity rating report: https://www.rankiteo.com/company/mynic-berhad

"id": "PERNACMYN1782044818",
"linkid": "personal-information-protection-commission-pipc-republic-of-korea, nacsamalaysia, mynic-berhad",
"type": "Breach",
"date": "1/2022",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Unknown (data from pre-2022 '
                                              'incidents)',
                        'industry': 'Public Sector',
                        'location': 'Malaysia',
                        'name': 'Malaysian Government (General)',
                        'type': 'Government'}],
 'customer_advisories': 'Public warned against sharing or accessing illegally '
                        'obtained data.',
 'data_breach': {'data_exfiltration': 'Yes',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High (personally identifiable '
                                        'information)',
                 'type_of_data_compromised': 'Personal data'},
 'date_publicly_disclosed': '2024-06-21',
 'description': 'Malaysia’s National Security Council (NSC) confirmed that '
                'recent claims of a personal data leak circulating on social '
                'media stem from cybersecurity incidents reported before 2022. '
                'The data was unlawfully obtained through prior cyber '
                'intrusions and is now being redistributed without '
                'authorization. The National Cyber Security Agency (NACSA) '
                'emphasized that sharing or accessing such illegally obtained '
                'information violates Malaysian law.',
 'impact': {'data_compromised': 'Personal data', 'identity_theft_risk': 'High'},
 'investigation_status': 'Ongoing (digital forensic investigation with Royal '
                         'Malaysia Police)',
 'lessons_learned': 'Need for stronger legislation and robust protection '
                    'measures for critical information infrastructure.',
 'post_incident_analysis': {'corrective_actions': 'Legislative reforms (Cyber '
                                                  'Crime Bill, Cyber Security '
                                                  'Act 2024) and enhanced '
                                                  'protection for critical '
                                                  'infrastructure.',
                            'root_causes': 'Prior cyber intrusions (pre-2022) '
                                           'leading to unauthorized data '
                                           'redistribution'},
 'recommendations': 'Adoption of risk assessments, security audits, and '
                    'stricter penalties for cyber offenses under the upcoming '
                    'Cyber Crime Bill and Cyber Security Act 2024.',
 'references': [{'date_accessed': '2024-06-21',
                 'source': 'Malaysia National Security Council (NSC)'},
                {'date_accessed': '2024-06-21',
                 'source': 'National Cyber Security Agency (NACSA)'}],
 'regulatory_compliance': {'legal_actions': 'Investigation underway to '
                                            'prosecute responsible parties',
                           'regulations_violated': 'Malaysian law '
                                                   '(unauthorized data '
                                                   'access/sharing)'},
 'response': {'communication_strategy': 'Public clarification and advisories',
              'containment_measures': 'Blocking and removing implicated '
                                      'websites',
              'incident_response_plan_activated': 'Yes',
              'law_enforcement_notified': 'Yes (Royal Malaysia Police)',
              'third_party_assistance': 'Foreign service providers (for '
                                        'blocking/removing websites)'},
 'stakeholder_advisories': 'Government and private-sector entities urged to '
                           'adopt robust cybersecurity measures.',
 'title': 'Malaysia Data Leak from Pre-2022 Cybersecurity Incidents',
 'type': 'Data Breach'}
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.