Last month, we reported that a dataset from the National Registration Department (JPN) containing the personal information of 22.5 million Malaysians made its way to a well-known database marketplace forum. Shortly after, Home Minister Hamzah Zainudin has denied that the dataset came directly from JPN. More recently, he has announced that the ministry is limiting access to the JPN database to 44 government-related agencies.
Sinar Daily reports that the minister says that the data was acquired from various sources, including social media, telecommunication companies, financial institutions, and government agencies like the Department of Land and Mines. This is in line with his previous statement which claimed that the dataset came from “agencies that are given authorisation to receive information from JPN”.
Hamzah was quoted by the report as saying “Our problem now is there are too many agencies that were given access to Malaysians personal data by JPN through online means”. A prior report by The Star states that up to 104 agencies previously had access to data from the platform. Hamzah also says that “when we look at the watermark, we could recognise which agency has leaked the data”.
The JPN database leak has necessitated the cutting down of that number by over half of that. Among the agencies still allowed to access include the Inland Revenue Board (LHD) and the Companies Commission of Malaysia (SSM).
As a refresher, the dataset in question contains the private information of 22.5 million Malaysians born between the years of 1940 and 2004. Details include the name, IC number, address, date of birth, gender, race, religion, and mobile number of individuals. Entry also come with a Base64 photos for identification. Information of Home Minister Hamzah was posted to prove the point. Investigations into the leak is still ongoing, according to the report by Sinar Daily.