KUALA LUMPUR, Dec 8 — It appears another Malaysian government agency has suffered a data breach involving personal data. A group describing itself as ethical hackers posted a forum thread highlighting that Perkeso’s portal has been breached. Perkeso is Malaysia’s social security organisation (Socso), which is under the Ministry of Human Resources.
It appears that the security incident started last week on 2nd December 2023 and, as a result, Perkeso immediately placed its systems in maintenance mode starting 3rd December at midnight until further notice. Consequently, all transactions including Perkeso deductions had to be done via FPX on the ASSIST portal or physically over the counter at Perkeso branches nationwide.
The hacker group posted on 5th December alleging that the social security organisation has not made any proactive efforts to address the security concern.
On the same thread, they shared what appears to be a database of Perkeso’s internal documents. Also posted are sample data containing personal data of users with fields such as full name, IC number, race, gender, blood type, address, phone number, email address, salary, employer code, business name and emergency contact. A total of 5 CSV files were shared, with a combined size of 16MB.
The next day, the group posted an update explaining that they are reputable hackers and they just need funds to support their passion for identifying vulnerabilities in network systems. They have also dropped extra samples in a CSV file containing personal data.
Yesterday, the group uploaded two videos of what appears to be a recording of a video meeting at Perkeso held to discuss the security breach. The video included a presentation deck highlighting the chronology of events and steps taken to address the problem.