PETALING JAYA: The National Cyber Security Agency (Nacsa) says it is currently investigating reports alleging that the MyKad data of 17 million Malaysians has been leaked and is being sold on the dark web.

"We understand this is a concerning issue for the public and want to assure you that we are taking it very seriously," said a spokesperson in a statement issued today (Dec 4) to LifestyleTech.

"Our experts are investigating the situation thoroughly to verify the authenticity of these claims and assess the extent of any potential compromise.

"Nacsa is committed to safeguarding personal data and will take necessary action based on our findings."

Dark web threat intelligence firm StealthMole first highlighted the issue yesterday (Dec 3) on X, stating that threat actors claim to be in possession of MyKad data belonging to 17 million Malaysians and are offering it up for sale on the dark web.

"As proof, they have publicly shared samples of Malaysian ID cards on the dark web," the company wrote in the post.

"This massive data breach raises concerns as it could lead to serious crimes like identity theft and financial fraud."

Nacsa said it will provide updates as more information becomes available while also urging the public to "avoid spreading unconfirmed reports and only refer to verified information from the authorities”.

It further advises monitoring bank accounts and credit reports for suspicious activity, remaining cautious of unsolicited communications, refraining from clicking on links or opening attachments from unknown senders, using strong passwords, keeping software up to date, and practising good cyber hygiene.