KUALA LUMPUR, Aug 12 — Bank Negara Malaysia (BNM) was made aware at the end of July of the iPay88 cybersecurity breach, which took place around May this year, Governor Tan Sri Nor Shamsiah Mohd Yunus said during a press conference today.

Nor Shamsiah said that investigations into the matter are ongoing and BNM would consider appropriate action once the investigation wraps up.

"We were made known towards the end of July by iPay88. So iPay88 is not technically supervised by BNM. So like what Jessica had said, it is the payment facilitator function of iPay88 that was the cause of the data breach," she said, referring to her deputy Jessica Chew.

"We only knew about iPay88 recently and since then we have been in communication with iPay88 and more importantly, just to make sure that the banks affected, they take precautionary measures to safeguard consumer data," she added.

Nor Shamsiah had been asked when BNM was made aware of the leak, and whether any sanctions would be enforced upon iPay88 over the incident.

Chew, who was also present at the press conference, said that BNM had immediately notified banks to ensure that they deployed additional protective measures to protect their cardholders and immediately notified their customers of the measures taken.

"There is no evidence to suggest any vulnerabilities in the banking systems," Chew added.

PKR's Semambu state assemblyman Lee Chean Chung had today questioned if BNM and iPay88 "were in cahoots" to cover up the data breach as the company is under its watch, and called on the central bank to provide an immediate explanation so it would not be seen as "complacent and complicit" in the incident.

PKR information chief Fahmi Fadzil meanwhile called for a royal commission of inquiry to investigate data breaches and leaks that have occurred over the past five years, after claiming more than 100 million personal data have been stolen in the same period.

Recently, iPay88 confirmed it had experienced a cybersecurity breach more than two months ago that may have compromised the card data of users.

The e-commerce firm said an investigation was initiated on May 31 and was ongoing while cybersecurity experts had been roped in to mitigate the issue, with "no further suspicious activity detected since July 20".

Following the cybersecurity breach, the Communications and Multimedia Ministry’s personal data protection department has also begun an investigation into the matter.