Malaysia’s iPay88 revealed in a statement that it had experienced a cybersecurity incident where card data may have been potentially compromised.
iPay88 said that upon discovery of the issue, it had immediately initiated an investigation on 31 May 2022 and brought in cybersecurity experts to contain the issue.
The company claimed that the containment process was successfully completed and that no further suspicious activity has been detected since 20 July 2022.
According to iPay88, it has implemented various new measures and controls to strengthen the system’s security against any further incidents.
“The investigation is currently ongoing and we are working closely with the authorities and relevant parties on this matter. More updates and detailed findings will be shared in due course.
All financial institution partners have been informed and kept up to date. We will continue to monitor the situation closely and ensure the safety of the cardholder data.”
Fintech News Malaysia has reached out to iPay88 to clarify the extent of the breach, but they have declined to comment.
In light of this incident, The Association of Banks in Malaysia (ABM) and Association of Islamic Banking and Financial Institutions Malaysia (AIBIM) cautioned banks to “take seriously the data security of their cardholders”.
The associations stressed the need for banks to implement additional countermeasures to protect cardholders from potential risks that may arise from this incident. This includes the heightening of real-time fraud monitoring to detect fraudulent and out-of-norm card usage behaviour.
Cardholders are reminded to closely monitor their bank statements and transaction alerts that they receive from their banks. They were also urged to reach out to their respective issuers via call centers or branches for any assistance related to this matter.
PKR information chief Fahmi Fadzil had also given his take on the issue by calling for a royal commission of inquiry (RCI) to conduct an investigation into the leak stating that this is a national issue as it involves the security of Malaysians’ personal data.
