Bank Negara Malaysia (BNM) has temporarily suspended all access to the Credit Control Reference Information System (CCRIS). The suspension comes after what is believed to have been a cyberattack by hackers whose target was the personal data of all individuals available on the CCRIS database.
It should be pointed out that the suspension has affected all credit reporting agencies (CRAs), chief among them being CTOS, Credit Bureau Malaysia, and Experian. In light of the cyberattack and with regards to Experian, the agency says that it has temporarily paused its services to the BNM-owned CCRIS. Further, the agency also says that it has conducted its own in-depth security investigations into the matter and says that it found no evidence that its systems, servers, or facilities had been compromised during the cyberattack.
CTOS also made a similar statement, stating that all of its assets were secure, despite the attack. In an effort to allay any fears among its clientele, the credit agency also made its CTOS SecureID to them, should they decide that they would like to monitor the dark web for any evidence of their personal data being sold.
BNM has also assured users that access will be restored once CRAs gain control over their own security. In the meantime, it says that financial consumers can continue to access their CCRIS reports via the provided link.
At the time of writing, BNM has yet to confirm if an investigation is underway. However, considering that the attack caused BNM to suspend all access to CCRIS, it is highly likely that the threat actors who attacked its security are individuals with advanced knowledge of the system’s API.