Malaysian Personal Data Sold Off In JPN, eKYC And SPR Leak

Malaysians should take extra care in the face of scams, as a massive leak of the JPN database has lead to their personal information being sold off to unknown parties.

According to Amanz via Lowyat.Net, over 22.5 million Malaysians born between 1940 and 2007 were compromised, with information such as name, IC number, address, date of birth, gender, race, religion, mobile number, and Base54-based photo being available to buyers for 10,000 USD.

SoyaCincau also reports that this follows an SPR and eKYC leak, which includes photos of people’s ICs as well as verification selfies.

In the listing, the sellers mention that the data was acquired via the myIDENTITY API, which is a central repository of personal data used by the government, accessed by 104 different government agencies.

To prove this point, they even leaked the information of Home Affairs Minister Hamzah Bin Zainuddin.

It should be noted that the Government hasn’t responded to news of the JPN leak, despite the fact cybersecurity concerns have been one of the many criticisms against them.

This is far from the first major leak of a Government database, with the last major leak happening in September of last year.

What This Means For You

As with the last few major database leaks, this will likely mean a large increase in scam calls. Remember not to give any personal information out to anyone who asks until you can safely verify who they are, and be especially careful with opening links.

As a safe rule of thumb, never click links in text messages, if you truly think your bank account is having any kind of issue it’s better to just manually go to the website yourself instead of relying on any kind of hyperlinks.