Cyber Incident Victim: National Registration Department

In May 2022, reports emerged alleging a large-scale data leak affecting approximately 22.5 million Malaysians, raising immediate concerns about the potential compromise of sensitive citizen information. The incident drew significant public attention due to the scale of the affected population and speculation about the source of the breach. On May 18, 2022, Malaysian Home Minister Datuk Seri Hamzah Zainudin publicly addressed these allegations, specifically denying involvement of the National Registration Department (NRD), the government agency responsible for maintaining citizen identity records. Minister Hamzah asserted the existence of a verification mechanism that conclusively demonstrated the leaked data did not originate from NRD systems, though no technical details about this mechanism were disclosed in public statements. The government did not confirm whether any other state agencies or private sector entities were investigating potential breach sources at the time of this announcement.

The incident's primary confirmed impact was the exposure of personal data belonging to millions of Malaysian residents, though the specific data elements compromised were not detailed in official statements. Public concern centered on the possibility of identity document information being exposed, given the NRD's role in managing national identity cards. In response to the allegations, the government's primary action was this categorical denial of NRD involvement through ministerial channels, aiming to reassure citizens about the security of core identity systems. No supplementary measures such as citizen monitoring services or breach verification portals were announced alongside the denial. The disclosure timeline suggests authorities moved rapidly to investigate the leak's origins within days of its public emergence, though no information was provided about when the breach initially occurred or how it was discovered.