The Accountant General’s Department of Malaysia (JANM) has recently suspected that there may have been an attempt to trespass the ePenyata Gaji system recently. This was revealed via a statement to Lowyat.NET earlier today.
Given that, the department has decided to strengthen the security infrastructure and mechanism of the system as precaution. In the same statement, JANM ensured that the integrity of its information data system is still intact while the department is already working with authorities so that such incident will never take place again.
Here is the full statement, which was sent to us in Bahasa Malaysia
SISTEM PENYATA GAJI DAN LAPORAN (e-SPGL) JABATAN AKAUNTAN NEGARA MALAYSIA (JANM) KEKAL SELAMAT
Jabatan Akauntan Negara Malaysia mengesyaki bahawa baru-baru ini, ada percubaan pencerobohan ke atas sistem kami yang melibatkan Sistem Penyata Gaji penjawat awam.
Walau bagaimanapun, JANM ingin menegaskan bahawa integriti sistem data maklumat kami masih utuh dan telah pun diperkukuhkan sebagai langkah berjaga-jaga.
JANM akan terus mempertingkatkan keselamatan infrastruktur dan mekanisme penyampaian perkhidmatan kami dalam usaha berterusan bagi mengukuhkan sokongan kepada penjawat awam.
JANM juga sedang bekerjasama dengan pihak berkuasa dalam hal ini untuk memastikan agar perkara ini tidak berulang. Dalam hal ini, Kerajaan tidak akan berkompromi dengan mana-mana pihak yang melanggar undang-undang.
The statement was the response to our report yesterday regarding a grey hat cybersecurity group who claimed to have breached the ePenyata Gaji and managed to extract a huge portion of personal information that belonged to Malaysian civil servants. The group apparently have reached out to the government regarding it but didn’t receive any response and has since threatened to sell the data on several well-known database marketplaces on 19 September.
Among the items that the group claimed are in its possession is a 142MB database that contains more than 1 million rows of identities. The group claims that the database has information such as full name, MyKad number, position, department, pay slip number, mobile number, and email address.
In addition to that, the group also claimed that it managed to extract pay slips and tax forms from the system which are being presented in PDF format with a total file size of 188.75GB. As this incident is already under active investigation according to Sin Chew Daily who broke the news, we expect there will be more updates about it in days or weeks to come.