KUALA LUMPUR: All agencies using the MyIdentity data have been instructed to implement stricter safety measures to prevent leakage, says Datuk Seri Hamzah Zainudin.

       The Home Minister, who ruled out any leakage from the National Registration Department (NRD), said it is important for stricter measures be implemented.

       “So far, 104 agencies are permitted to use the MyIdentity data but the ones who really use the data are not more than 100.

       “We will reduce the number of agencies from time to time by introducing certain benchmarks and requirements that they have to meet,” he told a press conference at Bukit Aman yesterday.

       Hamzah said the ministry would ensure agencies using the MyIdentity data take faster and stricter actions in implementing high security measures to prevent leakage of information.

       “We will start briefing all users of the data on what they are supposed to do,” he said.

       Hamzah said an internal investigation had been conducted at the NRD.

       “Don’t worry about data held by NRD. Our firewall is quite strong.

       “There was an allegation that the MyIdentity data was obtained from the Inland Revenue Board, but let police investigate the leak.

       “Don’t speculate as the police will investigate thoroughly where the leak is from or if there is any leak at all,” Hamzah said, adding that agencies with access to the data do not share information with third parties.

       The availability of the database was made public on Twitter by Adnan Mohd Shukor, an intrusion analyst, who also shared a screenshot of the database that showed it being sold online for 0.2 BTC (RM35,950).

       The 31.8GB file purportedly contains names, email addresses, mobile numbers and addresses grouped by birth year from 1979 to 1998.

       It was claimed that the data was harvested from the NRD through the MyIdentity application programming interface (API).

       MyIdentity is a centralised data-sharing platform that is used by various government agencies.

       However, the MyIdentity website – which was set up in 2012 – is no longer accessible.

       The IRB has denied an online report claiming that the data leak originates from its website through the MyIdentity API.