A PKR MP has called for a royal commission of inquiry (RCI) to probe data breaches and leaks that have occurred over the past five years, claiming more than 100 million personal data has been stolen during this period.
Citing the cybersecurity breach experienced by online payment provider iPay88, PKR information chief Fahmi Fadzil said the security of Malaysians’ personal data was a national security issue.
“Therefore, I urge the government to form an RCI to probe all incidents of personal data breaches, theft and leaks that have occurred over the past five years.
“(I also urge Putrajaya) to identify holistic measures to strengthen the nation’s cybersecurity and ensure justice for victims of personal data theft, including those who fall prey to scammers,” he said in a statement.
Yesterday, iPay88 confirmed it experienced a cybersecurity breach which may have compromised the card data of users more than two months ago.
The e-commerce firm said an investigation was initiated on May 31 and was ongoing while cybersecurity experts had been roped in to mitigate the issue, with “no further suspicious activity detected since July 20”.
The communications and multimedia ministry’s personal data protection department has also begun a probe into the cybersecurity breach.
In response to iPay88’s statement yesterday, the Association of Banks in Malaysia (ABM) and the Association of Islamic Banking and Financial Institutions Malaysia (AIBIM) said banks had taken extra precautionary measures to handle the cybersecurity breach.
They added that cardholders could continue to use their bank cards normally.
However, Fahmi accused the banks’ measures of being an afterthought, saying the two associations should be more proactive in helping victims of data theft.
“Financial institutions and bodies like ABM, AIBIM and others need to be the main mover in recommending compensation mechanisms, including financial compensation to victims,” he said.
The Lembah Pantai MP again took iPay88 to task for only revealing the data breach more than two months after it occurred, demanding the firm explain when the incident actually took place.
He reiterated his call for the Personal Data Protection Act 2010 to be amended urgently to require parties like iPay88 to immediately notify users and the authorities over any data breaches.
“If iPay88 is serious and genuine about handling this cybersecurity incident well, it should give financial compensation to all victims,” he said. – FMT