Cyber Incident Victim: E-Pay Malaysia

In early 2021, reports emerged that user account data from Malaysian e-payment provider E-Pay Malaysia appeared for sale on a popular database marketplace forum. The listing, dated January 2020, allegedly contained information from approximately 380,000 accounts. According to the seller's claims, the compromised data included user names, email addresses, dates of birth, physical contact addresses, and mobile phone numbers. The seller asserted that account passwords and related tokens had been masked in the database, potentially limiting immediate account takeover risks. The breach came to public attention through reporting by Malaysian technology news outlet lowyat.net, though the exact date of initial discovery remained unspecified in available reports. The incident represented a significant potential exposure of personal information given the volume of affected accounts and the sensitivity of payment-related user profiles.

Parent company GHL Systems responded to the allegations by issuing a public statement on its Facebook page confirming an investigation into the claims. The company emphasized that the alleged breach appeared limited to their E.V.E. payment system platform and did not affect other operational systems or services. No specific timeline for the investigation's completion was provided in their initial response. The statement sought to reassure customers by distinguishing between potentially compromised and unaffected systems while acknowledging the seriousness of the allegations. The company's disclosure did not confirm whether unauthorized access had actually occurred or whether the data being marketed originated from their systems, maintaining that these points remained under active investigation at the time of their public statement.