KUALA LUMPUR, Oct 18 — The Domestic Trade and Consumer Affairs Ministry said it has increased its systems security for data protection on its official website for fuel subsidy recipients following news reports of a leak yesterday.
The ministry said the “technical issue” was resolved at 1pm yesterday, and that access to the website was reactivated with better safeguards in place.
It advised Malaysians seeking to check their eligibility for the Petrol Subsidy Programme (PSP) to be patient and suggested doing so off peak hours.
“Since reopening access, traffic flow into the PSP portal has been quite high.
“The Ministry also requests users access the PSP Portal on Chrome or Mozilla Firefox browsers for a better performance,” it said in a statement on its website.
Popular tech blog Lowyat.net highlighted the issue in an article early yesterday morning, claiming that it had conducted several tests using five different Mykad numbers and found that the complete personal bank account number came up instead of just the last four digits with the rest masked, as is supposed to be the case.
The original article under “Program Subsidi Petrol Microsite Found Disclosing Recipient’s Bank Account Details” included screenshots of the bank account details as shown on the PSP website’s source code page, but was later removed after feedback from the ministry.
The data leak may have affected some 2.9 million Malaysians, which Lowyat estimated to be eligible for the subsidy if they have registered vehicles in their names.