KUALA LUMPUR: Police have opened an investigation paper on alleged personal data leak claimed to be from the National Registration Department (NRD) and the Inland Revenue Board (IRB).

Bukit Aman Commercial Crime Investigation Department director Datuk Mohd Kamarudin Md Din said the investigation was launched after the NRD's deputy director lodged a report at the Presint 7 police station, Putrajaya, yesterday.

He said the police would obtain a report from NRD's information technology division and inspect the NRD and IRB systems to determine the source of the alleged leak, adding that the police are looking at the allegations from all angles.

"Our initial action is to block the data from being sold. Police do not rule out the possibility of the involvement of insiders but a thorough investigation will be carried out in collaboration with the Communications and Multimedia Commission, CyberSecurity and National Cyber Security Agency (NACSA)," he said in a special press conference at Jinjang Police Station here today.

Mohd Kamarudin said the case is being investigated under Section 4 (1) of the Computer Crimes Act 1997.

An online discussion forum claimed that four million citizens' data from NRD's database is up for sale on a well-known database forum market today.

It said the database was obtained from the IRB website through an Application Programming Interface (API) made for myIDENTITY.

Meanwhile, the IRB in a statement today denied the claim, adding that IRB is only the user and not the owner of the myIDENTITY system.

"An internal investigation was conducted and found no leakage of data and information as alleged.

"The IRB is also working with the NRD, NACSA and National Security Council to look into all possibilities regarding the allegations," read the statement.

It also assured that all data and information stored by the agency is safe because it is protected by recognised data security technology.

The IRB said it regretted the claim because it could erode public confidence, especially taxpayers, in the security of their data and information.

"The IRB would also like to advise the public to be more careful with such viral reports and does not rule out the possibility that it was spread by irresponsible parties to mislead and deceive the public," read the statement.

-- BERNAMA