Audit: MySejahtera Data Breach Affected Three Million Users
The personal information of millions of MySejahtera users has been exposed after an account authorised for vaccine administration stole data from three million vaccine recipients, revealed a national audit.
The latest Auditor-General’s 2021 report (Series 2) tabled in Parliament today revealed that a “Super Admin” account under the MyVAS system, which is used at vaccination centres to record and issue Covid-19 vaccination certificates, had downloaded the personal information of three million vaccine recipients from the MySejahtera app.
The data breach took place between October 28 and October 31, 2021, using five different IP addresses, according to the national audit, citing an email from MySejahtera developer KPISoft Malaysia Sdn Bhd (company registration number 700674-U) (currently known as Entomo Malaysia Sdn Bhd) to the National Security Council (MKN) on November 2, 2021.
Read more at CodeBlue.