The Consumers’ Association of Penang (CAP) is shocked that our personal information databases are unsafe, as seen from the barrage of news concerning “personal data theft” and “illegal sales of personal data” these last few weeks. We are concerned whether our country is prepared for the digital economy.

The majority of our transactions today are done online. The push towards the digital economy comes in many different forms – businesses give special discounts for online purchases, banks penalise those who use counter services, and government agencies, such as EPF and SOCSO, are making it mandatory for contributions to be deposited online. Even income-tax filing is going online.

All this leads to our personal data being stored in digital databases online and offline.

The lack of proper cyber security has caused personal data to be stolen and sold for criminal and commercial purposes. For example, the shocking illegal sale of personal data from 46.2 million registered phone numbers has been dubbed the largest data breach in Malaysian history.

It does not matter that the database is three years old. There are still people who have the same phone and many of us still have the same phone number, home address, etc from 2014. Not to mention a person’s MyKad number is for life.

Stolen personal data can be used to scam the data owner or others. It has become a commodity that is sold in shady kinds of transactions.

Considering the gravity of the situation, it is not right for people to take the attitude that, as long as there is a market for personal data, there will be data breaches. The whole point of cyber security is to keep hackers, people who would steal what is not theirs and sell it for their own profit, out of these massive databases of personal information.

The authorities have to always be ten steps ahead of these hackers to prevent the inevitable hacking attempts. But are they on top of things?

In February of this year it was reported in the press that the personal health data of tens of thousands of patients from both private and government hospitals were stolen by hackers. CAP had written to the authorities to ask how they plan to handle the incident. The reply we received stated that no such incident had occurred and that all our cyber security measures were in place.

If what they claim is true, why do these personal data breaches keep happening?

Whenever someone questions the whole business of “going online”, the answer is that it must be done to keep up with developed countries. While it is true we do not want to be left behind, have we perhaps jumped the gun in this case?

Does Malaysia have the right and effective cyber security measures in place? Do the authorities employ white hat hackers to look for weaknesses in cyber security, etc? It is not enough to be tech savvy or IT trained.

To conclude, the attacks on our privacy and safety via personal data theft have gotten out of hand. Seeing as Malaysia is already deep into the “being online” scene, CAP asks the authorities to:

– Track and trace the hackers, companies and others who sell and buy stolen personal data and punish them accordingly.

– Check to ensure that all bodies using digital transactions have the necessary and latest security measures in place, especially banks, government departments, hospitals, etc.

– Make updates mandatory so that companies will have the best online security measures.

– Have CyberSecurity Malaysia certify, check and monitor the cyber security measures taken by all bodies using online transactions and keeping massive databases of personal information.

Letter to the Editor, 20 November 2017