Central Bank of Malaysia Investigating Potential Breach, Says Payment Systems Remain Secure
The Bank Negara Malaysia (BNM), the country’s central bank, was advised that it may have suffered from a potential data breach sometime in May of this year.
Governor Tan Sri Nor Shamsiah Mohd Yunus confirmed the incident in a press conference on Friday, 12 August, saying forensic investigations are already ongoing. She claims the breach did not originate from the central bank but rather from iPay88’s payment and card systems. iPay88 is an internet payment gateway that is not supervised by the BNM.
The Communications and Multimedia Ministry's personal data protection department also launched its own investigation.
The country’s payment systems remain secure despite the incident, according to the central bank, noting that there do not seem to be any other vulnerabilities to be concerned about at the moment. All banks have also already been notified about the breach and were asked to deploy additional security measures to protect cardholders.
BNM is considering taking legal action or imposing sanctions against iPay88 once the investigation is concluded.
Ms Nor Shamsiah added that iPay88 only informed them about the supposed data breach close to the end of July, which is why it’s only now that the incident is being investigated. But iPay88 has reportedly been in close communication with the central bank since to take precautionary measures and make sure other banks aren’t affected.
Lee Chean Chung, a PKR state assemblyman, has questioned why it took so long for BNM to disclose the iPay88 breach, alleging the two parties could have been working together to cover up their involvement. Meanwhile, PKR information chief Fahmi Fadzil called for a royal commission of inquiry on data breaches over the last five years.
iPay88 did indeed confirm that it had suffered from a data breach more than two months ago. The company almost immediately launched an investigation as soon as it found out and brought in cybersecurity experts to help with the issue. It noted that no further suspicious activity had been detected since 20 July.
Malaysia's central bank BNM was advised that it may have suffered from a potential data breach sometime in May of this year.
The breach, however, didn't originate from BNM but rather from iPay88’s payment and card systems.
Despite the incident, the country’s payment systems remain secure, according to the central bank.
Investigations are already ongoing, with BNM considering legal action against iPay88.