THE Ministry of International Trade and Industry (Miti) must explain why employee data from companies, which had registered for the government’s Covid-19 vaccination programme for the private sector (Pikas), was left open to the public on the Miti website, Bangi MP Ong Kian Ming said.

According to Ong, Miti must also inform the companies whose data was leaked, so that they can take the necessary precautions.

He urged Miti to be transparent as it is one of the frontline ministries dealing with companies.

“Further, Miti must present a full public explanation on how this happened if it wants to continue to command the confidence of its stakeholders,” Ong said in a statement today.

On May 30, cybersecurity expert Suresh Ramasamy posted on LinkedIn that more than 2,000 Excel files containing companies’ employees’ data had been dumped on an unsecured Miti website.

Suresh said that this could involve 1.7 million employees, based on the number of companies that signed up for the Pikas programme.

The details, which can be downloaded openly from the Miti website, include employees’ names, their company name, identification numbers, and work designation.

Ong said Miti must clarify whether this lapse is due to errors made by the ministry’s Malaysia Automotive, Robotics and IT Institute.

“Miti must also explain whether these breaches is due to the lack of leadership at this agency after the removal of CEO Madani Sahari, who was arrested and remanded by the Malaysian Anti-Corruption Commission and eight others in March,” he said.

Pikas was aimed at getting manufacturing companies to speed up the vaccination process for their employees. – June 3, 2022.