The Inland Revenue Board (IRB) has denied a claim that there was a data leak involving information of four million individuals from its web portal.
A statement from the board said, based on internal investigations, it did not find any data leak from its side.
“The IRB wishes to deny a report in a portal, which claimed that four million data had been leaked from the IRB website through Application Programming Interfaces (API) conducted for the MyIdentity portal, which is supervised by the National Registration Department.”
It also clarified that the IRB was a user of the MyIdentity platform and was not the owner of the shared system.
“The IRB is working closely with the NRD, National Cyber Security Agency (NACSA) and National Security Council on this issue.
“IRB guarantees that all personal information of its members is kept safely with certified data security technology.”
The IRB said it was disappointed with the reports and claims which were being circulated because they could erode the taxpayers’ confidence toward the board’s security system.
It also urged members of the public to be wary of irresponsible quarters who may be trying to cause confusion and lie to the community.
IRB said those who were in doubt over such matters should contact the IRB via 03-8911 1000 or 03-8911 1100 or its website.
Earlier, it was reported that a netizen has raised the alarm on a database being sold online that purportedly contains the personal data of four million Malaysians.
The database, according to a tweet by Adnan Mohd Shukor, is claimed to contain details such as names, emails, mobile numbers and addresses, and is grouped by birth year from 1979 to 1998.
The data is claimed to be harvested from the “myIdentity API” through the Inland Revenue Board, better known by its acronym LHDN, website.
Adnan, an intrusion analyst, also tweeted that the 31.8GB file is being offered for sale for 0.2 BTC (RM35,350).
“I have a crawler running to monitor a few specific keywords. I got an alert yesterday morning and found this posting in a marketplace for database breaches and leaks,” Adnan was quoted as saying.
Adnan said he has been on the lookout for this database, as it has been talked about by a number of sellers for the past few months.
“This is not the first time that such a database with details from NRD has leaked onto this marketplace.
“I believe this database is likely to be legitimate as I have sources who have said they have discovered similar findings,” he claimed.
Adnan said he has informed the relevant parties about the discovery before going public on Twitter.
“I’ve reported previous findings before and felt that there was no progress. Instead, I got some disappointing responses.
“They were more concerned about how I found the database. As this is now public, I hope to see things change,” he said.
Meanwhile, the police are attempting to block an alleged attempt to sell millions of personal details allegedly stolen from the NRD.
Bukit Aman Commercial Crime Investigation Department director Kamarudin Md Din said this was the first step taken by the police upon learning of the matter yesterday.
He said the police are also attempting to identify the persons involved in the alleged leak and do not discount the possibility of an inside job.
“We are working to block (the selling). That was the early action we are taking before we try to identify (those responsible).
“That is what we are going to do immediately – to block the data (from being sold online),” he said during a press conference at the Jinjang police station in Kuala Lumpur.