KUALA LUMPUR: The Social Security Organisation (Perkeso) today confirmed that its system, information base and website was hacked since last Saturday (Dec 2).
In a statement, Socso said a crisis management plan was activated on the same day with its information technology and communication technology (ICT) unit mobilising a system recovery.
"The initial modus operandi of the cyber attack was identified as an effort to cripple the entire infrastructure used by Perkeso for daily operations.
"However, the success of Perkeso's ICT unit in regaining control of the system eventually led to the hacker changing tactics by attempting to launch a 'character assassination' attack on Perkeso's image," it said in a statement.
When commenting on the leaked information displayed on the dark web, it viewed the authenticity of the data stolen by the hacker as highly doubtful, incomplete and expired.
"This is because one cluster of the stolen data was never captured by Perkeso since the agency was established in October 1971.
"Cyber attacks against Perkeso is not happening for the first time. A series of intrusions have occurred, with the last one successfully thwarted in September last year.
"These irresponsible hackers launched attacks on matters pertaining to the country's interests.
"These attacks conducted by these irresponsible hackers target the country's interest. So, all forensic results will be shared with authorities to avoid the recurrence similar episodes against other agencies," Perkeso said.
It also assured that attacks by these hackers will not hinder its services to contributors, employers and members of the public.
"All benefit payments, compensation and disability pensions to contributors and their heirs will continue to be implemented according to their prescribed periods."
Meanwhile, Communications and Digital Minister Fahmi Fadzil said the ministry was made aware of the incident.
He said CyberSecurity Malaysia (CSM), National Cyber Security Agency (NACSA) and the Personal Data Protection Department (JPDP) needed to conduct its due diligence to probe the case.
"Given the present data vulnerabilities and risks today, I urge all government agencies dealing with data to be vigilant," Fahmi told a press conference at the Madani government's one-year anniversary in Bukit Jalil.
He urged for relevant government agencies to appoint a Chief Information Security Officer because such cases highlighted the importance of penetration testing to identify cyber weaknesses.