Yesterday we reported that it is suspected that 17 million Malaysians' MyKad details have been leaked and sold on the dark web via MyKad photos taken possibly for eKYC purposes.
Today, the National Registration Department has issued a statement on the matter, and denied that there has been any leakage of MyKad data through their system and database.
Through a post by the NRD on Facebook, their investigation found that there was no data leak or suspicious transaction occurring in the NRD system. In fact, they also stressed that no such case has ever occurred before involving the NRD system. NRD has also contacted NACSA and PDRM to enable an investigation at their level.
In the meantime, they have also shown several statements from the Minister of Home Affairs, the Director General of NACSA and the Deputy Director (Investigation) of the PDRM Commercial Crime Investigation Department. Overall, their statements show that this leak, if it really happened, did not happen through the NRD database.
As we reported yesterday, the leak of the MyKad images, if true, is highly likely to have come through the eKYC system database which is used to verify the identity of users of digital platforms used by Malaysians through MyKad images.
The New Straits Times also reported that the National Cyber Security Agency (NACSA) has also confirmed that the identity card images seen in the leak are data obtained from old data leaks, possibly from data breach incidents from 2015 to 2017.
Through a review conducted by the National Cyber Coordination and Command Centre (NC4), not only did they not receive any reports from the NRD, but through the samples they reviewed, the MyKad details shown in this “latest” leak are from the old data set, and do not prove that there is any new data leak from any party.