Agensi Kaunseling dan Pengurusan Kredit (AKPK) has determined that about 20 of its customers have had personal information — names and National Registration Identity Card (NRIC) numbers — published by cybercriminals on the dark web and anticipates more to be leaked.
“We anticipate and are preparing for the criminals to publish more information including additional customer names and NRIC,” the agency said in a statement yesterday, adding that the investigation with a third-party cybersecurity expert is continuing.
“It is important to note that all information in the possession of cybercriminals is a result of illegal activities and therefore the acquisition, use, and dissemination of the same is a criminal offense,” it said in a statement.
The credit advisory agency said it is working closely with law enforcement and other relevant authorities, including the Ministry of Communication and Digital, as well as CyberSecurity Malaysia in the ongoing thorough investigation.
“We are also working to identify the specific information that has been illegally accessed and update the customers that have been affected,” it said.
AKPK said it will continue to mitigate the impact of the breach and reach out directly to communicate with all customers.
“Our staff will also assist customers by advising them in dealing with matters related to the breach.
“We are gradually bringing our systems back online in stages and will provide an official update accordingly,” it added.
The agency did conduct some preventive measures back in March when its system was breached but looks like the security flaw has led to data being harvested and exposed on the dark web.
