KUALA LUMPUR: The registration for Central Database Hub (Padu) should be temporarily suspended until security flaws are addressed, as it currently lacks the robustness for its intended objective.
Investment, Trade, and Industry (MITI) former deputy minister Dr Ong Kian Ming said those currently receiving government aid like Bantuan Tunai Rahmah (BTR) may provide inaccurate information in Padu.
"This is especially true for those with additional non-taxed income, such as rental income from owned properties.
He said that many users, including himself, are questioning the absence of data in several columns within Padu.
"This is perplexing, considering Padu is designed to consolidate information from various ministries and agencies, including the Inland Revenue Board (LHDN), the Social Security Organisation (Socso), the Employees Provident Fund (EPF), the National Registration Department (JPN) and so on," he added.
Ong stated that Economy minister Rafizi Ramli responded via Twitter, explaining that the information was not displayed due to security concerns related to potential hacking into Padu's servers.
He questioned the need for users to provide certain information in Padu when some of it is already accessible through government ministries and agencies.
"What if the information supplied is not the same as what is found in Padu's database and how does Padu verify the other information which is supplied by the user such as rental income from land or property?
"With so many additional fields to fill in, many users would choose the option of not filling up these fields or to fill them up with inaccurate information so that they remain eligible to receive government subsidies," he said in a statement.
Ong also pointed out a major security flaw in Padu's registration by using an IC number and postcode, where one can register an account for someone, bypassing the Electronic Know Your Customer (e-KYC) process.
"I did this with the IC address and postcode of four of my DAP colleagues who are ministers or deputy ministers namely Hannah Yeoh Tseow Suan, Steven Sim Chee Keong, Liew Chin Tong and Teo Nie Ching.
"I was also able to change some of the details for the academic qualifications and occupation of Hannah Yeow Tseow Suan without having to go through the e-KYC verification.
"Where does this leave us? I would strongly recommend for the cabinet to make a collective decision to suspend the registration of Padu users until the security issues can be solved," he said, adding that the system should be stress tested before it is rolled out again.
He added that users who have registered but have not undergone the e-KYC verification should be asked to register again after the security issues have been resolved.
"The number of fields of information should be decreased and once the security features are in place, the information which can be pulled from other agencies and ministries should be pre-filled as much as possible.
"The user should have a mechanism where he or she can make a report if the information provided is not accurate.
"IT and cybersecurity experts should be called in to provide value-added inputs which can be used to improve the design of the Padu system," he said.