Social Security Organisation (SOCSO) impacted by data breach, data leaked online
Learn More
The Social Security Organisation (Socso / PERKESO) in Malaysia appears to have experienced a significant security breach.
The security breach began around December 2, 2023, leading Socso to put their systems into maintenance mode from December 3. All transactions, including Socso deductions, were temporarily shifted to the ASSIST portal or conducted physically at Socso branches.
A hacker group, referring to themselves as Rupert_group, posted on a hacker forum, claiming responsibility for compromising personal data due to Socso's lax security. This breach first became public on December 5, with the hackers indicating plans to release more personal data samples within the next 72 hours.
Two days after this initial post, the hacker group shared a YouTube link to a Socso management meeting discussing the breach, adding credibility to their claim. The videos have since been taken down from Youtube.
The leaked information includes:
- names,
- physical addresses
- email addresses,
- phone numbers,
- payment methods,
- some individuals' retired military status.
So far no details are available about the number of affected individuals.
Socso acknowledged the incident. They later confirmed the cyberattack via a statement on Twitter, noting that their website was first attacked on the previous Saturday. Socso mentioned that the hackers initially tried to cripple their daily operational infrastructure, and upon failing, shifted their focus to tarnishing the agency's reputation.
Socso raised doubts about the authenticity and relevance of the leaked data, claiming it to be questionable, incomplete, and outdated. They stated that some of the data clusters had never been seen by the agency since its inception in 1971.
