A few months ago, we reported that 22.5 million data from Malaysian identity cards were sold on the dark web arena at a value of $10 thousand in Bitcoin.
Since the incident was reported, the Ministry of Home Affairs has confirmed that they have reduced the ability to access national registration data through the MyIdentity API to only 44 government bodies, in addition to tightening the data access SOP.
Recently, through a report by The Edge, questions asked to the Ministry of Home Affairs in Parliament today confirmed that no arrests have been made regarding the leakage and sale of the data.
In fact, it was also confirmed recently that there is more data of Malaysians born from 1989 to 1998 recently which is said to have been taken from the Inland Revenue Board through data sharing from the MyIdentity API as well.
Investigation papers regarding the data that has been sold have been opened, and a number of server machines owned by the National Registration Department and also the Ministry of Domestic Trade and Consumer Affairs have also been seized to assist the investigation.
The ministry does not want to comment further on the matter because it does not want to interfere with the authorities' investigation for the time being, but we expect that the results of the investigation will be announced later.