PETALING JAYA: The recent cybersecurity incident involving public transportation owner and operator Prasarana will be investigated to determine if the company violated provisions under the Personal Data Protection Act 2010 (PDPA).

In a statement, the Digital Ministry said that the Personal Data Protection Commissioner's Office will carry out investigations and determine the nature of the breach and the data involved in the incident. It will also recommend appropriate actions moving forward.

“We have laws which emphasise the need to ensure that personal data is protected. We need to be strict about this," said Digital Minister Gobind Singh Deo.

The incident involved a ransomware attack by a group called RansomHub, which uploaded the stolen data on the dark web on Aug 25.

On Aug 25, threat intelligence platform FalconFeeds.io posted on X claiming that a ransomware group had obtained 316GB of data.

Additional technical assistance for the investigation process will be provided by CyberSecurity Malaysia (CSM).

According to the ministry, the Commissioner's Office was informed about the cybersecurity incident on Aug 26. It then instructed Prasarana to issue a Data Breach Notification (DBN) by Aug 29, which Prasarana complied with.

Gobind stressed that it was important to ensure that the law takes its course once the Commissioner's Office is alerted about a data breach.