Cyber Incident Victim: Universiti Malaya
Date: Oct 2019
Location: Malaysia
Summary
The Universiti Malaya E-Pay Cashless Payment and Records portal was hacked, leaving it temporarily inaccessible and defaced with messages that included the hashtags #NoRasis and #UndurVC. The institution confirmed that no data was compromised during the incident and indicated the system would be restored to normal operation shortly.
Description
On October 17, 2019, Universiti Malaya's E-Pay Cashless Payment and Records portal became inaccessible following unauthorized access that resulted in website defacement. The incident occurred late on October 16 or early October 17, when attackers replaced portal content with a message containing the hashtags #NoRasis and #UndurVC. The university promptly acknowledged the breach and initiated an investigation to assess the scope of compromise. Initial technical analysis confirmed the intrusion was limited to surface-level defacement rather than a deep system penetration. University administrators emphasized the portal's temporary unavailability was a containment measure while security teams worked to restore service integrity. No evidence suggested unauthorized access to backend databases storing payment records or personal information.

The defacement's primary operational impact was the disruption of cashless payment services for university transactions, though core academic systems remained unaffected. Universiti Malaya publicly confirmed no sensitive data or financial information was exfiltrated during the breach. Security personnel conducted forensic analysis while simultaneously working to cleanse and restore the compromised portal infrastructure. By October 17, university representatives announced the E-Pay system would return to normal operation imminently following security validation. The incident concluded with service restoration without further public disclosures regarding attacker attribution or detailed technical vulnerabilities exploited.
