PUTRAJAYA: The alleged data leak containing information of 22.5 million Malaysians is not from the National Registration Department (NRD), says Datuk Seri Hamzah Zainudin.

       The Home Minister said there was a mechanism in place which could prove that the leaked information did not come from the department.

       He said nevertheless, investigations would still be done to ascertain whether there was any truth to the allegation.

       “Previously, there was a similar allegation but we have managed to prove that the leak was not from the NRD.

       “It was from several agencies which we have given some leeway for them to obtain information from us,” he told reporters at the Home Ministry’s open house on Tuesday (May 18).

       An alleged data leak containing the information of 22.5 million Malaysians born between 1940 and 2004, purportedly stolen from NRD has once again put the country’s data security measures in the spotlight.

       Local tech portal Amanz reported that the database, 160GB in size, is being stolen for US$10,000 (RM43,950) on the dark web.

       In the screenshot shared by the portal, the seller claimed that this was an expanded database compared to the one he sold in September last year, which was only up to 1998.

       In both incidents, it was claimed that the data was syphoned from the NRD through the My Identity API.

       MyIdentity is a centralised data-sharing platform that is used by various government agencies.