A recent ransomware attack on Prasarana has resulted in the leak of over 300GB of sensitive company data, prompting an investigation by the Digital Ministry and CyberSecurity Malaysia. - Muharram Kasim/Scoop pic, September 5, 2024
News

Digital Ministry probing possible personal data breach over Prasarana’s ransomware attack

CyberSecurity Malaysia joins probe as over 300GB of sensitive Prasarana data was compromised on the dark web

Scoop Reporters
Updated
6:37 PM MYT

 

KUALA LUMPUR – The Digital Ministry is investigating a potential data breach linked to the cyberattack on public transport operator Prasarana Malaysia Berhad.

In a statement today, the ministry confirmed that the Personal Data Protection Commissioner had directed Prasarana on August 26 to issue a Data Breach Notification after the ransomware incident.

“The Personal Data Protection Commissioner’s Office will carry out investigations to determine the nature of the breach and the date involved in the incident.

“It will also determine if there was any breach of the Personal Data Protection Act 2010 provisions, and determine what action should be further taken in the matter.

“CyberSecurity Malaysia, another agency under the Digital Ministry, will also provide technical assistance in this investigation process,” the statement said.

Last Sunday, over 300GB worth of private company files from Prasarana were published on the dark web following a ransomware attack against the company the previous week.

Cybercriminal gang RansomHub, believed to be operating from Russia, claimed responsibility for the hack.

While it remains unclear what Prasarana documents were released by RansomHub, the files published by the group suggest it comprises data about the company’s revenue, Touch ‘n Go information, projects, and human resource matters, among other things.

RansomHub operates a ransomware-as-a-service platform, where affiliates gain access to malicious tools to perform hacks.

With the ransomware in hand, hackers attempt to gain access to a company or entity’s network, possibly through a phishing email or other means.

Once a network has been successfully infiltrated, the company would not be able to access compromised files unless they pay a ransom to the hackers.

It is believed that because RansomHub published Prasarana’s files, the company may not have paid the ransom demanded to regain access to its network.

Prasarana has yet to respond to Scoop’s request for a comment on the matter.

On August 26, Prasarana confirmed that it was the victim of a ransomware attack in a statement to the press.

Prasarana said that the attack involved unauthorised access to the company’s internal system, adding that their cybersecurity team is handling the situation. – September 5, 2024

Topics

 

Popular

Ex-national basketball player arrested for alleged sexual harassment against students

Cheras top cop confirms source's claims, says 36-year-old suspect also has multiple simillar reports lodged against him before; source questions why MoE allowed him to teach

Petronas staff to be shown the door to make up losses from Petros deal?

Source claims national O&G firm is expected to see 30% revenue loss once agreed formula for natural gas distribution in Sarawak is implemented

Influencer who recited Quran at Batu Caves accused of sexual misconduct in Netherlands

Abdellatif Ouisa has targeted recently converted, underage Muslim women, alleges Dutch publication

Related

Copyright © 2023. All rights reserved.