Pantai MP calls for RCI over personal data breaches

PETALING JAYA: An opposition MP has called for a Royal Commission of Inquiry (RCI) to investigate data breaches that occurred over the last five years.

Pantai MP Fahmi Fadzil said Malaysians' personal data should be seen as a national asset and treasure.

“Therefore, the security of personal data must be taken very seriously, fully respected, and protected at all times.

“On Thursday (Aug 11), we were surprised by news that the database of iPay88, one of the largest online payment solution providers in Malaysia, may have been hacked around May 2022,” he said in a statement on Friday (Aug 12).

He said iPay88 only announced the incident on Thursday, almost three months after the incident took place, without providing complete information about the amount of personal data or affected victims, as well as the steps taken to inform victims of personal data intrusion.

“This is very unsatisfactory, and iPay88 is obliged to explain when the company actually detects an intrusion or data theft taking place; why it did not make an earlier notification; and why it did not inform the affected victims.

“iPay88 should realise that without the personal data of these victims, the business model of a company like iPay88 would not succeed,” he said, adding that if iPay88 is serious and sincere in dealing with this cyber security incident, it should provide financial compensation to all of the victims.

He said this incident is evidence that the Personal Data Protection Act 2010 must be amended immediately to, among other things, oblige parties like iPay88 to give notice as quickly as possible to the authorities and the victims when there was an intrusion or data theft.

“At the same time, the Association of Banks in Malaysia (ABM) and the Association of Islamic Banking and Financial Institutions Malaysia (AIBIM) must be reprimanded.”

He said, in connection with the iPay88 incident, ABM and AIBIM issued a statement that commercial banks take the security of credit card holders seriously.

“But the reality is that ABM and AIBIM’s statements are just like ‘melepaskan batuk di tangga’.

“ABM and AIBIM, as well as other bodies such as Bank Negara Malaysia and the commercial banks themselves, need to be more proactive in helping victims of personal data theft due to security weaknesses in any part of the financial ecosystem, as in the case of iPay88,” he said, adding that victims of data theft would experience trauma, anxiety and worry about their personal data that has been stolen, as well as the criminal activities that may occur in connection with their data.

He said financial institutions, as well as bodies such as ABM and AIBIM, need to be the main movers in recommending a compensation mechanism, including financial compensation, for the victims of personal data theft.

“Finally, considering that over 100 million personal data have been stolen in the last five years including the iPay88 incident, and because the security of Malaysians’ personal data is also a national security issue, I urge the government to establish a Royal Commission of Inquiry (RCI) to fully investigate incidents of intrusion, theft and leakage of personal data that have occurred over the past five years, as well as identifying comprehensive measures to strengthen the country’s cyber security and obtain justice for victims of personal data theft including victims of ‘scammers’,” he said.