Viral Data Leak Claims Linked to Pre-2022 Cyber Breaches, Not Current Systems, Says MKN
KUALA LUMPUR: The National Security Council (MKN) has assured Malaysians that recent claims of a personal data leak circulating widely on social media are not linked to any current government platform or digital system.
Instead, the information is believed to have originated from cybersecurity breaches that occurred before 2022 and has since been redistributed illegally through various online channels.
In a statement issued through the National Cyber Security Agency (NACSA), MKN said preliminary investigations indicate that the data being circulated today was unlawfully obtained from several systems compromised years ago and does not involve any existing digital infrastructure currently operated by the government.
“The information being shared online is believed to stem from cyber intrusions reported prior to 2022.
“It is not related to any current platform or active system under government administration,” the statement said.
NACSA stressed that any act of providing, disseminating or granting access to information obtained illegally constitutes an offence under Malaysian law, regardless of whether the websites or services involved are hosted inside or outside the country.
The agency said it has moved swiftly to address the issue by working closely with several government entities, including MyNIC and the Personal Data Protection Department.
Efforts are underway to engage with foreign service providers to remove or block access to websites believed to be facilitating the unauthorised distribution of the data.
At the same time, NACSA is cooperating with the Royal Malaysia Police (PDRM) to conduct detailed digital forensic investigations.
The objective is to identify those responsible for distributing the information and ensure that appropriate legal action is taken against them.
Authorities also urged members of the public not to access or subscribe to services that claim to offer personal information obtained through illegal means.
According to NACSA, doing so not only contributes to the spread of cybercrime but may also expose individuals to legal consequences.
MKN said the incident highlights the urgent need for stronger cybersecurity legislation in Malaysia.
As such, the upcoming Cyber Crime Bill, which is expected to be tabled in Parliament, will introduce more comprehensive provisions and tougher penalties for a wide range of cyber offences.
Among the proposed measures are provisions criminalising unauthorised access to computer systems, intentional damage to digital infrastructure and theft of data.
The legislation will also define identity theft involving the unauthorised use of another person’s identity for criminal purposes as a specific offence.
MKN further explained that the Cyber Security Act 2024, which came into force in August 2024, already requires entities classified under the National Critical Information Infrastructure (NCII) framework to implement stringent security measures.
These include compliance with cybersecurity codes of practice, regular risk assessments and periodic security audits designed to strengthen Malaysia’s cyber resilience.
The council also addressed concerns surrounding MyDigital ID, clarifying that the platform is not a data storage system.
Instead, MyDigital ID functions as an identity verification service that authenticates users directly with the National Registration Department.
With more than 16 million registrations to date, the platform is expected to play a larger role in securing digital transactions across government agencies and private sector services, including telecommunications and banking.
MKN said wider adoption of MyDigital ID will help reduce identity fraud and improve the overall security of Malaysia’s digital ecosystem.
The government, it added, remains committed to ensuring that the benefits of digital transformation can be enjoyed safely by all Malaysians.
Both NACSA and MKN reaffirmed their readiness to respond to emerging cybersecurity threats and continue strengthening the nation’s cyber defence capabilities in an increasingly connected world.
