AKPK: Info of about 20 customers exposed on dark web from data breach last month

By Angelin Yeoh

On March 30, AKPK announced that it had discovered that its server containing customer data may have been illegally accessed and it had taken measures to put operational systems offline temporarily. — AZMAN GHANI / The Star

PETALING JAYA: The Credit Counselling and Debt Management Agency (AKPK) said it has confirmed that some data obtained from a data breach, which it announced on March 30, has been published on the dark web today (April 26).

"While our investigation with third-party cybersecurity experts is continuing, it appears that approximately 20 customers have had personal information – names and National Registration Identity Card (NRIC) numbers – published.

"We are working closely with law enforcement and other relevant authorities, including the Communication and Digital Ministry, and CyberSecurity Malaysia, in the ongoing thorough investigation.

"We are also working to identify the specific information that has been illegally accessed and update the customers that have been affected.

"We anticipate and are preparing for the criminals to publish more information including additional customer names and NRICs," AKPK said in a statement to LifestyleTech.

A quick check of the file posted on a data breach website by a ransomware group claiming to be BlackCat on April 25 showed that it contained a list of directories, with limited samples showing documents such as payslips, letters from banks, copies of MyKad, and application forms of individuals joining the agency's Second Chance Program.

The agency said its staff will be on standby to assist customers in matters related to the breach.

"We understand this situation is very concerning and we sincerely apologise. AKPK will continue to do everything we can to mitigate the impact of this breach.

"We are reaching out directly to communicate with all our customers about this security breach and support them in the steps customers can take to safeguard themselves," it said.

On March 30, AKPK announced that it had discovered that its server containing customer data may have been illegally accessed and it had taken measures to put operational systems offline temporarily.

The agency states that the acquisition, use and dissemination of information in the possession of cybercriminals is a criminal offence.

×

Related stories:

AKPK to take some operational systems offline temporarily to prevent further breaches

Follow us on our official WhatsApp channel for breaking news alerts and key updates!

   

Report it to us.

Next In Tech News
What is DOGE? Houston experts say Trump's new 'department' is not actually a department
Netflix down for thousands of users in United States, Downdetector says
From a US$1mil DoorDash scam to a massive crypto heist, Gen Z linked to sophisticated online crimes
Uncle: US teen had met man responsible for her death playing games online
T-Mobile hacked in massive Chinese breach of telecom networks, WSJ reports
In El Salvador, crypto investors cheer Trump-powered Bitcoin rally
Major Trump Media shareholder sells nearly entire stake
Musk's political ascendancy stirs hopes of redemption for X banks
Apple deletes US-funded RFE/RL news app from Russian App Store, news outlet says
Musk expands lawsuit against OpenAI, adding Microsoft and antitrust claims

Trending in Tech

Others Also Read

Load more

Copyright © 1995- Star Media Group Berhad [197101000523 (10894-D)]

Best viewed on Chrome browsers.