THE National Cybersecurity Agency (Nacsa) is investigating how a group of self-styled “gray hat” hackers managed to breach government firewalls and raid its e-salary system, Communications and Multimedia Minister Annuar Musa said.

According to Annuar, the Prime Minister’s Department will also be assisting in the investigations, but would not go into details of the damage caused by the group.

“Let us wait for the digital forensic analysis and only Nacsa can issue a statement on this,” he said.

On Thursday, an unidentified group claimed it had managed to identify vulnerabilities within e-Penyata Gaji, the salary database for Malaysian civil servants, and obtain a significant quantity of data.

This theft reportedly included full names, MyKad numbers, positions, departments, pay slip numbers, mobile phone numbers and email addresses.

To plug the hole, Pakatan Harapan information chief Fahmi Fadzil said the prime minister should immediately direct all ministries and heads of agencies to conduct a comprehensive cybersecurity audit.

He said the prime minister also needs to explain the breach to Parliament.

“This latest incident is an invasion that affects the personal safety of civil servants and the nation’s leaders,” he said in a statement.

Fahmi further suggested the ministers of finance, and communications and multimedia study a mechanism to penalise those people entrusted to protect the database for failing in their duty. – September 17, 2022.