KUALA LUMPUR (July 25): No arrests have been made while investigations are still ongoing over the alleged sale of Malaysian’s personal data on hacker site raidforums.com, said the Ministry of Home Affairs.

In a written Parliamentary reply, the Ministry confirmed a police report regarding sale of the data, involving Malaysians born between 1989 and 1998.

“The data is said to have been obtained through the sharing of information in MyIDENTITY at the Inland Revenue Board (IRB),” it said.

“Investigation papers have been opened under Section 4(1) of the Computer Crime Act 1997 (Act 563) (unauthorised access with intent to commit or facilitate commission of further offence),” it said.

The Ministry added that several servers from the National Registration Department and the Ministry of Domestic Trade and Consumer Affairs have been confiscated for further investigation.

“The Ministry does not intend to elaborate further, so as to not interfere with the ongoing investigation,” it said.

“The Ministry also wishes to emphasise that the security of access and data in the MyIDENTITY system under the Department’s purview is assured with the  implementation of the security improvement activities in stages such as the Security Posture Assessment,” it added.

The Ministry was responding to Kepong MP Lim Lip Eng’s question on the identity of the people who allegedly leaked 22.5 million Malaysia’s personal data with a price tag of US$10,000.

In May, it was reported that hackers have claimed to secure the data that was sized up to 160GB, and sought buyers for a sum of US$10,000 in Bitcoin.

This was less than a year since the MyIDENTITY data breach, which was said to involve personal data of four million Malaysians.