Cyber Incident Victim: GHL Systems

In early 2021, reports surfaced regarding a potential data breach impacting E-Pay Malaysia, an e-payment provider operated by parent company GHL Systems. Malaysian technology news outlet lowyat.net documented the appearance of user account records from E-Pay Malaysia on a prominent database marketplace forum. The seller’s listing claimed the database contained information from approximately 380,000 accounts, with a timestamp indicating the data originated in January 2020. According to the advertisement, compromised records included user names, email addresses, dates of birth, contact addresses, and mobile phone numbers. The seller asserted that account passwords and related authentication tokens had been masked or obscured in the dataset, though the validity of this claim remained unverified at the time of reporting. The listing’s emergence prompted immediate scrutiny from cybersecurity observers and media outlets monitoring data breach activity.

GHL Systems acknowledged the allegations through an official statement posted on its corporate Facebook page. The company confirmed it had initiated an internal investigation into the claims but emphasized that the purported breach appeared limited to its E.V.E. payment system infrastructure. GHL explicitly stated there was no evidence suggesting compromise of other company systems or services beyond the E.V.E. platform. No technical details regarding the breach methodology, intrusion timeline, or attacker identity were disclosed publicly during the initial response phase. The company did not confirm or deny the authenticity of the specific dataset being marketed online, nor did it provide verification regarding the exact number of potentially affected accounts. The incident remained under active investigation as of February 2021, with no subsequent public updates confirming the breach’s validation or detailing containment measures, forensic findings, or regulatory notifications.