The Communications and Multimedia Minister Annuar Musa must give a public update on the so-called immediate action he had promised last month regarding the data breach incident that hit online payment service provider, iPay88 (M) Sdn Bhd. To-date there is no progressive report on the probe carried out by the Malaysian Communications and Multimedia Commission (MCMC), the Personal Data Protection Department (PDPD) and CyberSecurity Malaysia (CSM).
Since, iPay88 had already confirmed that a cybersecurity incident had occurred that may have compromised consumer credit card data, Annuar Musa should specify what action he or the above agencies have taken so far. This data breach involves a matter of national security of our country’s finances that warrants serious attention.
On August 13, Bank Negara had attempted to assure the public that the nation’s payment system remains safe and secure despite the data breach seen with the iPay88’s system, because “vulnerabilities” in the banks’ systems were not involved. However, many bank depositors and customers are not reassured and remain extremely nervous about the protection, security, and integrity of funds in their bank accounts.
Further, no one knows what “vulnerabilities” in the banking system that Bank Negara is referring to. This follows many reported cases by the public of the sudden and unaccounted for disappearance of monies in their bank accounts. Confirmation by iPay88 that customers’ card data might have been compromised after a cybersecurity incident does not help to generate public confidence.
The extent of bank customers’ critical financial data that is potentially leaked from this data breach is still unknown. Bank Negara has announced commencing forensic investigations into the data breach at iPay88 (M) Sdn Bhd, a company that is providing payment gateway services to banks and merchants. Until now, the outcome of these forensic investigations remains undisclosed.
Even though Bank Negara has pointed out that the data breach originated from and was confined to iPay88’s payment card systems and did not involve vulnerabilities in the banks’ systems, many bank customers do not feel safe and secure about their funds deposited in banks. The time has come for Annuar Musa and Bank Negara to uphold transparency and accountability by providing answers to ensure that the digitalisation of banking services is not jeopardised by the loss of public confidence following the data breach.