The Social Security Organisation (Perkeso) has confirmed that they were hit by a cyber attack on Saturday.
Perkeso said in a statement that their system, database and website have been breached by hackers.
The agency says that while they were confirming the attack, a crisis management plan was activated on the same day with the information, deploying the communications and technology (ICT) unit to fix the system.
They said that the early stages of the attack’s modus operandi was to cripple Perkeso’s infra that they use for day-to-day operations.
However, the success of SOCSO’s ICT unit in regaining control of the system was ultimately due to hackers changing tactics and attempting to launch charater assassination attacks against Socso’s image.Perkeso
Perkeso guarantees that this planned effort by hackers will not hinder their services to contributors, employers and the public.
Therefore, all interest, compensation and disability pension payments to contributors and heirs involved will still be carried out according to the allotted period.Perkeso
Commenting on the leaked information displayed on the dark web, the results of Perkeso’s initial investigations found that the validity of the data stolen by the hackers was highly doubtful, incomplete and expired.
Perkeso said that is because one of the stolen clusters has never been observed by the agency, ever since they were established back in October 1971.
This is not the first time, according to the agency which mentioned that a series of intrusions have been detected previously, with the last one being last September which was successfully contained.
This irresponsible initial action is an attack that targets national interests, therefore all forensic results will be shared with the authorities to avoid similar episodes against other agencies.Perkeso
It was reported by The Star previously that a post was made online that allegedly says that personal data had been leaked from Perkeso.
In the post, reports say that sample data such as names, addresses, payment methods and mobile numbers were leaked by a user who also claimed more samples would be released within 72 hours.
It was also reported that the Personal Data Protection Department (JPDP) was made aware of the leak and is taking appropriate action.