The Domestic Trade and Consumer Affairs Ministry said it has increased its systems security for data protection on its official website for fuel subsidy recipients following news reports of a leak yesterday.
“Since reopening access, traffic flow into the PSP portal has been quite high.
“The Ministry also requests users access the PSP Portal on Chrome or Mozilla Firefox browsers for a better performance,” it said in a statement on its website.
Popular tech blog Lowyat.net highlighted the issue in an article early yesterday morning, claiming that it had conducted several tests using five different Mykad numbers and found that the complete personal bank account number came up instead of just the last four digits with the rest masked, as is supposed to be the case.
The original article under “Program Subsidi Petrol Microsite Found Disclosing Recipient’s Bank Account Details” included screenshots of the bank account details as shown on the PSP website’s source code page, but was later removed after feedback from the ministry.
The data leak may have affected some 2.9 million Malaysians, which Lowyat estimated to be eligible for the subsidy if they have registered vehicles in their names.