KUALA LUMPUR — The National Security Council (MKN) has clarified that claims of a personal data leak circulating on social media refer to information believed to have originated from cybersecurity incidents reported before 2022 and are not linked to any current platform.

The council through the National Cyber Security Agency (NACSA), said the information was believed to have been unlawfully obtained through cyber intrusions targeting various systems prior to 2022 and is now being redistributed through online platforms without authorisation.

“NACSA emphasises that providing, disseminating or granting access to information obtained unlawfully constitutes an offence under Malaysian law, even if the service is hosted outside the country,” the council said in a statement said.

The NACSA, together with MyNIC and the Personal Data Protection Department, has taken immediate action, including engaging foreign service providers to remove and block access to the websites concerned, it added.

At the same time, NACSA is working closely with the Royal Malaysia Police to conduct digital forensic investigations aimed at identifying those involved and bringing them to justice.

The council also advised Malaysians not to use or obtain services that offer access to unlawfully acquired information, as doing so contributes to the spread of cybercrime and violates Malaysian law.

“This incident further underscores the urgent need to strengthen national legislation. The Cyber Crime Bill, which will be tabled in Parliament, introduces more comprehensive provisions and stricter penalties for various forms of cybercrime, including system intrusions and data theft,” MKN said.