As cases of leaked personal data continue to spark outrage among Malaysians, the government is finally drawing a harder line against those profiting from citizens' stolen information online. The Digital Ministry, led by Gobind Singh Deo, is stepping up efforts to stop the sale and exchange of personal data across the dark web and shady online platforms.
A Rising Threat in the Shadows
The internet's underbelly—better known as the dark web—has long been a marketplace for sensitive data. From identity card numbers and phone details to even medical records, these details often end up for sale at shockingly low prices. The recent appearance of Malaysian data on a site called caghi.com reignited public alarm, reminding many how fragile digital privacy can be.
Gobind acknowledged that the illegal trade of Malaysians' data isn't new—but the scale and frequency of these breaches have become deeply concerning. "These incidents don't just cause financial losses," he said. "They erode public trust and damage our digital ecosystem."
Multi-Agency Collaboration: A National Response
To counter this, several government bodies are now working together more closely than ever. Among them are CyberSecurity Malaysia (CSM), the National Cyber Security Agency (NACSA), the Department of Personal Data Protection (JPDP), and the Malaysian Communications and Multimedia Commission (MCMC).
At the center of this effort is CSM's Cyber Risk Intelligence Department, which monitors, analyses, and traces leaked data online. The department's job isn't just to find stolen information—it also looks for what's called mal-information: real data that's been twisted or taken out of context to mislead or harm individuals or organisations.
When such data is detected, CSM's Cyber999 incident response centre takes over. They issue early alerts to other agencies, affected companies, and internet service providers, allowing them to act fast—verifying if the data is real, containing further leaks, and patching security gaps before more damage occurs.
Cutting Off Access and Shutting Down Leaks
Blocking access to illicit websites is one immediate measure being taken. Gobind confirmed that MCMC has already blocked platforms like caghi.com, while JPDP is working with international hosting providers, CDNs, and domain registrars to take these sites down completely. This kind of global coordination is crucial, since many of these data-trading sites operate beyond Malaysian borders.
Meanwhile, CSM continues to provide technical support, analysis, and cyber advisories, helping both public and private sectors strengthen their defenses. Enforcement agencies, including the police, are now planning a joint coordination meeting with JPDP, NACSA, and MCMC to streamline investigations and take swifter legal action.
A Continuous Battle for Data Protection
Gobind was candid about the reality of the challenge: cybercriminals will not stop overnight. Selling personal data remains a profitable crime, and new dark web markets emerge constantly. But he emphasized that the government is not standing still. Continuous monitoring, better enforcement, and tighter collaboration among agencies form the backbone of Malaysia's evolving cybersecurity strategy.
"The government views this issue very seriously," he said. "We will continue to enhance enforcement and strengthen cooperation between agencies to protect Malaysians' personal data."
Looking Ahead: Rebuilding Trust in Digital Malaysia
As Malaysia accelerates its digital transformation, protecting citizens' information becomes more than just a technical responsibility—it's a matter of national trust. Every data leak chips away at confidence in online services, from banking to healthcare. By doubling down on cross-agency action and transparency, the government hopes to rebuild that trust and assure Malaysians that their data—and their digital rights—are not being left unguarded.
