Authorities say the information now circulating online is believed to come from cyber incidents before 2022, not from any current government or digital platform. A viral claim involving the alleged leak of Malaysians' personal data has raised public concern online, but the National Security Council (MKN) says the information being shared is not connected to any current platform or recently compromised system.
According to MKN, the data is believed to have originated from cybersecurity incidents that took place before 2022. The information is now being circulated again through unauthorised websites and online channels, creating the impression that it may be linked to newer digital services or platforms.
Old Data, New Circulation
The National Cyber Security Agency (Nacsa) said the information was likely obtained through illegal cyber intrusions involving multiple systems several years ago.
Although the data may be old, its reappearance online remains a serious concern because it can still be misused for scams, identity theft, social engineering and other forms of cybercrime.
MKN stressed that sharing, supplying or giving others access to unlawfully obtained information is an offence under Malaysian law. This applies even when the website, server or online service involved is hosted outside Malaysia.
In other words, people should not assume that accessing leaked information from foreign websites makes it legal or harmless.
Authorities Moving to Block Access
Nacsa has reportedly taken immediate action together with MyNIC and the Department of Personal Data Protection.
The agencies are engaging with foreign service providers to request the removal of the websites involved and restrict access to platforms offering the unlawfully obtained data.
At the same time, Nacsa is working with the police on digital forensic investigations to identify the individuals or groups responsible for distributing the information.
These investigations are expected to focus not only on those who originally obtained the data, but also on parties involved in publishing, selling or providing access to it.
Public Urged Not to Access Leaked Information
MKN has advised Malaysians not to search for, use or subscribe to services that offer access to stolen personal data.
Even viewing or obtaining information from illegal databases can contribute to the wider cybercrime ecosystem. It creates demand for stolen data and encourages criminals to continue targeting systems, organisations and individuals.
The public is encouraged to remain cautious whenever they come across websites, Telegram groups, forums or social media posts claiming to offer personal information, account details or identity records.
Cyber Crime Bill Expected to Strengthen Enforcement
The incident has also renewed attention on the proposed Cyber Crime Bill, which is expected to be tabled in Parliament.
MKN said the bill is intended to introduce stronger and more comprehensive provisions to deal with cybercrime, including system intrusions, unauthorised access, data theft and damage to computer systems.
The proposed law would make it clearer that accessing or interfering with computer systems and programmes without legal authority or a legitimate purpose is a criminal offence.
This is important as cybercrime methods continue to evolve quickly, especially with stolen data now being traded and redistributed across online platforms.
Cyber Security Act 2024 Adds Protection for Critical Systems
MKN also highlighted the Cyber Security Act 2024, which came into force in August 2024.
Under the Act, organisations classified as National Critical Information Infrastructure entities are required to implement stronger cybersecurity protections. This includes following codes of practice, carrying out risk assessments and conducting regular security audits.
The aim is to strengthen Malaysia's ability to protect essential systems and reduce the risk of cyber incidents affecting critical services.
MyDigital ID Is Not a Personal Data Storage System
MKN also addressed concerns involving MyDigital ID, which now has more than 16 million registrations.
It explained that MyDigital ID does not function as a platform that stores users' personal data. Instead, it works as an identity verification service that authenticates users directly with the National Registration Department, or JPN.
Its role is to help confirm that a user is genuine before allowing access to participating digital services and transactions.
As MyDigital ID becomes more widely adopted by government agencies, banks, telecommunications companies and private-sector platforms, it is expected to provide an additional layer of protection against identity fraud and impersonation.
Final Thoughts
The latest clarification is a reminder that old data leaks can continue creating risks long after the original cyber incident happened.
Even when the information is not linked to a current platform, its circulation can still expose individuals to scams, identity theft and targeted fraud. Malaysians should avoid engaging with leaked-data services, remain cautious with suspicious online claims and take basic steps to protect their personal accounts, passwords and digital identity.
Comments