Cyber Incident Victim: Suruhanjaya Pilihan Raya Malaysia

On December 25, 2022, a website allegedly published datasets purportedly containing personal information of nearly 13 million Malaysians linked to Maybank, Astro, and the Election Commission (EC). A Facebook user named "Pendakwah Teknologi" reported the leak at 7:56 PM that day, claiming the exposed data included 3.5 million Astro subscribers, 1.8 million Maybank customers, and 7.2 million EC voter records. The compromised information reportedly consisted of login IDs, full names, dates of birth, physical addresses, and national identity card numbers. Malaysia’s Ministry of Communications and Digital (KKD) initiated an investigation on December 30 after verifying the public allegations. Minister Fahmi Fadzil confirmed coordinated efforts between the Personal Data Protection Department (PDPD) and CyberSecurity Malaysia to contact Maybank and Astro regarding data ownership legitimacy and breach verification.

Preliminary analysis of the exposed Maybank account numbers indicated they were invalid or non-functional, preventing transactional exploitation. Investigators noted similarities to a 2018 data incident but emphasized requiring formal confirmation from involved entities for definitive attribution under the Personal Data Protection Act 2010 (PDPA). The EC data breach investigation was escalated to the National Cyber Security Agency (NACSA) due to jurisdictional limitations of the PDPA. The Malaysian Communications and Multimedia Commission (MCMC) received a restriction notice to block public access to the hosting website. Maybank issued a statement acknowledging the probe while denying any internal system breach at the time. Minister Fahmi reiterated mandatory compliance with PDPA cybersecurity standards for all data custodians during the ongoing inquiry.