Letters

Tighten Padu security to prevent breaches

January 20, 2024 @ 12:02am
A major concern is the possibility that someone can use another person’s IC to register for government aid programmes without having to go through the electronic know-your-customer (e-KYC) process. - NSTP file pic

LETTERS: CONCERNS about the Central Database Hub (Padu) registration should be addressed.

The worry is justified because Padu has access to data from 445 public sector institutions nationwide, including ministries, federal and state statutory bodies, and local authorities.

Various responses have been obtained following its launch, especially relating to its Application Programming Interface (API) shortcomings and loopholes in its cybersecurity.

It is said that users' password can be changed just by using one's identification card (IC) number. Such a flaw could be exploited through API calls by someone savvy enough.

Economy Minister Rafizi Ramli said issues regarding the registration — including bugs, other vulnerabilities and the loophole where people's IC could be used to override and change their password — were addressed within one hour after it was highlighted by social media users.

To ensure the security of Padu, measures — such as implementing cybersecurity protocols, strict access control, a robust data backup and recovery system, better data privacy policies and procedures, regular cybersecurity and data privacy training for staff, regular security assessments, and an incident response plan — are necessary.

These measures will protect the database from cyber threats, unauthorised access, data breaches and system failures.

Other steps include relooking its network infrastructure, cybersecurity, data management, IT governance, IT talent management, IT project management, IT budgeting and its outdated network infrastructure, which cannot handle increasing demand for online services, resulting in slow Internet speeds, frequent network outages and connectivity issues.

A major concern is the possibility that someone can use another person's IC to register for government aid programmes without having to go through the electronic know-your-customer (e-KYC) process. This must be solved.

At the speed the registration is going — about 800,000 have registered up to Jan 7 — more needs to be done.

Otherwise, the target for 29 million to register by March 31 will be difficult to achieve.

MOHD NOOR MUSA

Research analyst,

Institut Masa Depan Malaysia

The views expressed in this article are the author's own and do not necessarily reflect those of the New Straits Times

Most Popular
1
ASEAN 18 hours ago
Thai politician caught in bed with adopted monk son, suspended from public office
2
Nation 15 hours ago
Marrying an older woman: Couple defies odds in 18-year age gap marriage
3
Crime & Courts 18 hours ago
Cops urge Bank Negara to draw up rules on gold investment schemes [NSTTV] 
4
Crime & Courts 7 hours ago
[Updated] General manager, two other Kada senior officer arrested by MACC
5
NST Viral 2 days ago
#NSTviral: Car runs red light, sends motorcyclist flying [Watch]
Related Article
Nation
Data security, registration uncertainty and lack of perceived benefits deter Padu registration
Nation
Over half of Malaysians update details in Padu, says Rafizi 
Nation
No plans to extend Padu's March 31 deadline
Nation
DOSM: Almost 800,000 registered with Padu as of January 7
Letters
Using Padu a step closer to an equitable Malaysia
Says Stories
12 Local Activewear Stores So You Can Look Cute While Getting Fit
These 3 Malaysians Put Together Fun Adventure Trips For Anyone Who Loves Exploring
28 Nostalgic McDonald's Happy Meal Toys Only '80s & '90s Malaysian Kids Will Remember
Remaja Dakwa Diculik Van Putih, Rupanya Reka Cerita Sebab Tak Nak Pergi Kelas Mengaji
200 Tonnes Of Fish Die In Vietnam As Heatwave Causes Temperatures To Soar Over 40°C
Get Mobile App