PERSONAL DATA PROTECTION COMMISSIONER INVESTIGATING RECENT CYBERSECURITY INCIDENT INVOLVING PRASARANA

MALAYSIA BERHAD KUALA LUMPUR, Sept 5, 2024 – The Ministry of Digital views the recent cybersecurity incident involving Prasarana Malaysia Berhad’s information technology infrastructure seriously. The incident involved a ransomware attack that was uploaded by a group, that called itself RansomHub, on the dark web on August 25, 2024.

The Personal Data Protection Commissioner’s Office was informed about the cyber security incident on August 26, 2024. His Office then instructed Prasarana to issue a Data Breach Notification (DBN) by August 29, 2024, which Prasarana did.

The Personal Data Protection Commissioner’s Office will carry out investigations to determine the nature of the breach and the data involved in the incident. It will also determine if there was any breach of the provisions of the Personal Data Protection Act 2010, and determine what action ought to be further taken in the matter.

CyberSecurity Malaysia, another agency under the Ministry of Digital, will also provide technical assistance in this investigation process.

Minister of Digital, Gobind Singh Deo, said it was important to ensure that the law takes its course where notifications of data breach are received by the Commissioner.

“We have laws which emphasise the need to ensure that personal data is protected. We need to be strict about this. The Commissioner will do the needful to ensure that a thorough probe is carried out on the matter, and determine after that what ought to be done next,” he added.

-END-

Issued by: Corporate Communications Division Ministry of Digital, Malaysia