PUTRAJAYA (Sept 5): The Personal Data Protection Commissioner’s Office is carrying out investigations into the cybersecurity incident involving Prasarana Malaysia Bhd (Prasarana) information technology infrastructure on Aug 25.

The Digital Ministry in a statement on Thursday said the investigation would determine the nature of the breach and the data involved in the incident.

"It will also determine if there was any breach of the provisions of the Personal Data Protection Act 2010 and determine what action ought to be further taken on the matter," it said, adding that CyberSecurity Malaysia will also be providing technical assistance in this investigation process.

Digital Minister Gobind Singh Deo in the same statement said it was important to ensure that the law takes its course where notifications of data breach are received by the Commissioner.

“We have laws which emphasise the need to ensure that personal data is protected. We need to be strict about this.

“The Commissioner will do the needful to ensure a thorough probe is carried out on the matter and determine after that what ought to be done next,” he added.

On Aug 25, Prasarana suffered a cybersecurity incident involving unauthorised access to some of the company’s systems.

It was reported that it involved a ransomware attack that was uploaded by a group that goes by the name of 'RansomHub' on the dark web.

The Personal Data Protection Commissioner’s Office was informed about the incident on the following day and subsequently, Prasarana was instructed to issue a Data Breach Notification (DBN).

Uploaded by Lam Seng Fatt