KUALA LUMPUR: Action is being taken over the alleged hacking into the government's payroll system by a group of individuals who identified themselves as "gray hat" hackers.
Communications and Multimedia Minister Tan Sri Annuar Musa said the National Cyber Security Agency (NACSA) had been tasked to investigate the matter and take action.
He added that the Prime Minister's Department would assist NACSA in the event any government data had been compromised.
"Under NACSA, the matter is being investigated by the agency. JPM (the Prime Minister's Department) will assist (if there is data breach).
"Action is being taken," he told the New Straits Times today.
Annuar, however, declined to elaborate on the report and the extent of damages incurred by the government over the matter.
"Let us wait for the digital forensic analysis.
"Only NACSA can issue a statement on this," he said.
Sin Chiew Daily reported that the group of hackers identifying themselves as the "grey hat cybersecurity organisation" had claimed that they could break into the civil servants' ePenyata Gaji (ePaySlip) system to show there were loopholes in the system.
Through a statement that was emailed to the media, the hackers also claimed they could extract more than one million identities through the database that could be accessed via JavaScript Object Notation and comma-separated values.
Among the information that could be accessed include full name, MyKad number, job position, salary, payslip number, mobile phone number, and email address.
The hackers claimed that they could extract nearly two million payslips and tax forms in PDF format amounting to 188.75 gigabytes.
According to the Sin Chew Daily report, several screenshots of ministers' and politicians' payslips were also attached, including that of Finance Minister Tengku Datuk Seri Zafrul Tengku Abdul Aziz, Umno president Datuk Seri Dr Ahmad Zahid Hamidi and former Dewan Rakyat speaker Tan Sri Mohamad Ariff Md Yusof.
The hackers also claimed to have been in contact with the government through an email sent to several officials, including the Chief Secretary to the Government Tan Sri Mohd Zuki Ali, government security director-general Rahimi Ismail as well as the National Audit Department.
The hackers also said that the government was given until Sept 12 to respond to the ePaySlip loopholes revelation, but to no avail.
Following that, the group planned to sell the data extracted from the ePaySlip database on several open database markets starting Sept 19.
The daily also obtained confirmation from KLIA police chief Assistant Commissioner Imran Abd Rahman, who had said police report on the matter had been received from the National Audit Department and an investigation was being conducted.
