KUALA LUMPUR: The Women, Family and Community Development Ministry has dismissed the claim that the personal information of customers of the National Population and Family Development Board (LPPKN) was stolen in a cyber attack on Feb 19.
Its minister Datuk Seri Nancy Shukri said the compromised folder was named 'Padu', but it does not refer to the Central Database Hub (Padu) currently being actively updated by the Economy Ministry.
Instead, Nancy said it refers to a property of one of the units in LPPKN, namely the management and service delivery unit that is also known as Padu.
"The files in that folder only contained unstructured information related to several programmes organised by LPPKN such as pictures, videos, posters and presentation slides.
"The information in the folder named Padu does not contain structured data like the data in Padu developed in strategic cooperation with the Department of Statistics Malaysia (DOSM), Economy Ministry, and the National Digital Department," she said.
She said this during the winding-up session of the debate on the royal address for her ministry in the Dewan Rakyat today.
On Feb 19, Lowyat.net reported that Padu and LPPKN had been hacked by a group known as R00TK1T.
According to the online forum, the hackers claimed to have stolen data from Padu and breached LPPKN's security infrastructure and stole more than 27GB of data from its servers.
Meanwhile, Nancy said the Padu unit under LPPKN was established in 2015 and initially known as the Transformation and Implementation Management Unit (UTPP).
She said it was later renamed Padu from 2019 onwards and disbanded in 2022 following the internal restructuring of LPPKN.
Nancy said the ministry views the matter seriously and LPPKN has taken several measures.
These measures include the implementation of multi-factor authentication (MFA) and two-factor authentication (2FA), requiring user account verification multiple times before accessing servers or application systems.
"In addition, firewall reinforcement by upgrading the level of network security software acting as a shield against hacker access.
"Enhancements to user access policies have also been implemented, ensuring that system application modules or functions are only accessible to identified users," she added.
