Malaysia's National Cyber Security Agency investigates pontential breach of national ID cards
Learn More
Malaysia's National Cyber Security Agency (Nacsa) has launched an investigation into reports of a potential massive data breach involving MyKad (Malaysian national identity card) information of approximately 17 million citizens allegedly being offered for sale on the dark web.
The incident was first reported by StealthMole, a dark web threat intelligence firm, on December 3 through their Twitter account. According to their report, threat actors have already shared sample Malaysian ID cards on the dark web as proof of their possession of the data, raising serious concerns about potential identity theft and financial fraud risks.
Approximately 17 million Malaysians are claimed to be affected.
Nacsa has acknowledged the severity of the situation and is actively investigating to verify the authenticity of the claims and assess the potential scope of the compromise. The agency has urged the public to avoid spreading unverified information and to rely only on official communications from authorities.
As a precautionary measure, Nacsa has issued several security recommendations for the public, including:
- Regular monitoring of bank accounts and credit reports
- Heightened caution regarding unsolicited communications
- Avoiding suspicious links or attachments
- Implementing strong passwords
- Maintaining up-to-date software
- Following good cyber hygiene practices
Update - as of 5th of December 2024, the National Registration Department of Malaysia has denied the claimed MyKad data breach affecting 17 million citizens, stating they found no evidence of system compromise or suspicious transactions.
