.png)
THE recurring issue of personal data breaches in Malaysia has once again ignited public concern, following revelations that confidential information belonging to millions of citizens is being sold online with alarming ease.
According to a viral Facebook post by a user known as ‘Pendakwah Teknologi’, MyKad numbers, home addresses, phone numbers, vehicle registration details, banking information, and even CVV codes printed on the back of credit and debit cards are readily accessible via an unauthorised website — for as little as RM5.
The disturbing claims were verified by Sinar Harian, whose reporters accessed the website and confirmed that personal records including voting information, business ownership data, and education loan types could be retrieved simply by entering an IC number and paying a nominal fee.
The breach, reportedly involving data from key agencies such as the National Registration Department (JPN), the Road Transport Department (JPJ), MySPR Semak, the Ministry of Domestic Trade’s e-Tribunal system, and several utility and telecom providers, has revealed a systemic failure in data governance.
More concerning still, the website is fully functional via ordinary internet browsers such as Google Chrome, without requiring VPN access or other privacy tools.
“Data breaches are no longer just a technical concern. They directly threaten national security and the welfare of citizens,” wrote Sinar Harian in a sharply worded editorial. “Unless bold reforms are enacted, the public will continue to live in fear of digital fraud.”
The site offers various price tiers for deeper data access, ranging from RM5 to RM245. Users can also pay RM25 for a so-called lifetime account. If no purchase is made within five days, inactive accounts are permanently deleted.
Shocking results from searches reportedly include full names, MyKad numbers and addresses not just of the individual queried, but of neighbours as well.
“This shows how vulnerable our data has become. Anyone with a MyKad number and a small payment can conduct searches that go deep into an individual’s personal history,” the editorial continued.
It warned that the consequences of such breaches extend beyond identity theft and financial fraud. Illicit access to personal data may also be exploited by international syndicates for commercial gain, money laundering, or economic sabotage.
Equally at stake is public confidence in government institutions and digital platforms.
“How can citizens be expected to embrace digital transactions when they no longer believe their data is secure?” asked the local daily. “This could seriously derail the government’s digitalisation agenda.”
The are now calls for a comprehensive action plan, including a full investigation into the source of the leak, legal accountability for those responsible, and the imposition of maximum penalties on agencies or companies found negligent in safeguarding data.
“The Ministry of Communications and the Department of Personal Data Protection (JPDP) can no longer offer empty assurances,” it stated. “Firm action must be taken to protect what is arguably the most valuable asset of all — the personal data of Malaysian citizens.”
At the time of writing, official responses are being sought from Communications Minister Datuk Fahmi Fadzil, the Malaysian Communications and Multimedia Commission (MCMC), and the JPDP, in light of the website’s apparent violation of the Personal Data Protection Act 2010 (Act 709). - Sept 9, 2025