Profiles of some 1.4 million companies in Malaysia have been offered for sale online on a hackers forum, a day after authorities denied a similar massive data breach involving the Inland Revenue Board (LHDN).
A user said the data siphoned from the Companies Commission of Malaysia (SSM) included company profiles as well as particulars of directors and shareholders.
“We sell data of SSM ROC,” the post said. “If you looking for 8millions data for ROB, do not hesitate to PM.”
According to the post, the data is priced at 0.3 bitcoin for individual buyers and 1 bitcoin “if you crony (crossed out) owner of www.ssm-einfo.my (and we take down/stop selling this data)”.
0.3 bitcoins equals to RM52,400.
This comes a day after an IT expert claimed on Twitter that the personal data of four million Malaysians being kept by the National Registration Department (JPN) was apparently put up for sale online for about RM35,000.
Adnan Shukor also shared a screenshot showing the seller offering the data leaked through LHDN, which is one of 10 government bodies on a shared platform called myIDENTITY where data from JPN is shared.
According to the screenshot, a total of 32GB of data in 19 files contain the information of those born between 1979 and 1998, with details such as addresses, mobile numbers and photographs, as well as race, religion and MyKad identification numbers.
The police later said they had launched an investigation into the claim, which is being investigated under Section 4 (1) of the Computer Crimes Act 1997.
LHDN meanwhile denied any leak of personal data, adding that it regretted the claim which it said could erode public confidence in the security of users’ information and data.