Comms minister: Govt has lead on alleged civil servant e-payslip data theft

Comms minister: Govt has lead on alleged civil servant e-payslip data theft

Communications and Multimedia Minister Tan Sri Annuar Musa said the government has held several meetings and discussions as it viewed the data leak and theft seriously. — Bernama pic

Sunday, 18 Sep 2022 6:19 PM MYT

KOTA BARU, Sept 18 — The government has found a lead regarding the alleged data theft of civil servant e-payslips and a statement will be made by the National Cyber Security Agency (Nacsa) soon.

Communications and Multimedia Minister (MenKOMM) Tan Sri Annuar Musa said the government has held several meetings and discussions as it viewed the data leak and theft seriously.

“In the case of alleged data theft involving e-payslips and such, we have agreed that not many should issue statements, as we do not want to distract from current investigations.

“We have agreed that whatever updates need to be issued by Nacsa and the Prime Minister’s Department, so what I can inform is that we have certain leads and action is being followed up,” he told reporters here today.

Annuar said his ministry was developing a framework to improve or curb issues of data theft as it not only occurred in Malaysia but in all countries.

“I want to state this because many misunderstand, if data theft involving personal data under the supervision of private companies, it is included under the Personal Data Protection Act, and managed under the Data Protection Department, under the Communications and Multimedia Ministry (K-KOMM).

“Data from ministerial departments and institutions are not under the Data Protection Department, but under Nacsa and the Prime Minister’s Department.

“The alleged e-payslip breach is under Nacsa, but CyberSecurity Malaysia (CSM) under K-KOMM will provide assistance in terms of forensics investigation,” he added.

Media outlets had reported earlier about an alleged data theft incident where hackers claiming to be from a ‘grey hat’ cyber security organisation alleged that they had breached the civil servant e-payslip system to expose its weakness.

The group claimed that it could access over a million rows of identities via the database, which is in the format of JavaScript Object Notation (JSON) and comma-separated values (CSV). — Bernama