PETALING JAYA: A Kuching-based educator has started an initiative to send a letter of demand to Socso after the agency was hit by a cyberattack.

When contacted by LifestyleTech, Kenneth Chai said he believes it’s time for people to hold public departments, bodies and agencies accountable for data security and privacy.

“Existing laws must be extended to government entities not just commercial transactions because most of our most sensitive data are held by the government,” he added.

Chai explained that the letter will require Socso to disclose details from the incident including what personal data or info have been compromised, the number of contributors affected, and what cybersecurity measures were undertaken before and after the incident.

He posted a link on X (formerly Twitter) to gather signatures from other users to be part of a party to be collectively represented by KL-based firm Nas Rahman & Co.

As of Dec 15, Chai said he has closed the form after collecting 566 signatures. He added that the letter of demand will be delivered by a legal team to Socso today.

Last week, Socso said that it was able to overcome a cyberattack on its system, information database and website, which began on Dec 2. The agency issued the statement a user on Breachforums claimed that personal data has been leaked from Socso.

In a later statement on Dec 10, the agency said it is determined to seek legal action on the mastermind behind the cyberattack, adding that it also will file a police report after an internal forensic investigation revealed elements of commercial crime.

Chai said he believes more awareness should be brought towards data security issues in Malaysia.

“As more and more of our day to day activities are being digitalised, and the government is rolling out MyDigital ID, a better regulation is needed to restore the public trust when it comes to cybersecurity, personal data protection,” he said.

He added that two other recent cybersecurity incidents have also affected Jakim and the Inland Revenue Board (LHDN) recently.

In an announcement on Facebook on Dec 9, the Halal Hab under Jakim said its Halal portal had to be taken down temporarily due to a technical issue.

The agency disclosed on Dec 12 that the portal was hacked and had taken measures to investigate the incident. It has since announced that the portal is now operational.

On Dec 13, a local tech portal claimed that LHDN’s payment portal had a potential data exposure concern due to a vulnerability discovered by a reader. The portal said it had notified LHDN’s comms and security division on the matter.