PUTRAJAYA: A total of five government agencies and nine private companies were affected by the global information technology (IT) outage on July 19, Digital Minister Gobind Singh Deo said.

He named the government agencies as the Ministry of Transport, the Ministry of Education, the Ministry of Rural and Regional Development, the National Institute of Health and the Kedah Zakat Board.

The nine private companies impacted involve the aviation, banking and healthcare sectors.

"All data in the government sector are secured. There has been no data leakage, and we have observed no issues regarding data integrity," he told a press conference here today.

However, Gobind said there had been a phishing attempt during the IT outage, which the government successfully prevented.

He said several phishing domains were created by irresponsible parties to obtain information and gain access to specific companies' data.

Gobind said he met with representatives from Microsoft and CrowdStrike to deliver a firm message that their security levels must be strengthened.

He said Microsoft is currently preparing a full report on the incident and has been asked to consider the claims submitted by Malaysian companies that suffered losses and damages as a result of the disruption.

On estimated losses incurred by the affected entities, Gobind said he has requested a full report but has not yet received it.

Gobind said the outage was not a cyber attack but was caused by a flaw in CrowdStrike's update software, which disrupted Microsoft's operating systems and prevented users from accessing their computer systems.

"Although it was not a cyber attack, the ministry takes this matter seriously. Such disruptions highlight weaknesses in existing IT systems that could lead to significant damage and loss if they recur," he said.

Gobind outlined three measures to ensure such incidents do not happen again, including requiring software providers to improve testing procedures before deployment and ensuring regular reviews and updates of software plans, besides the importance of having a comprehensive incident response plan and stakeholder communication strategy.

He said the incident underscores the importance of good governance in managing digital platforms.

The Digital Ministry is addressing this by introducing and improving laws, including the Cybersecurity Act 2024 and amendments to the Personal Data Protection Act 2010 (Act 709), he added.