Murugason R Thangaratnam, CEO of cybersecurity company Novem CS, said the recent leak of a dataset containing information on some 22.5 million Malaysians highlighted the need for cybersecurity-dedicated laws.

“The government may have said that national security was not compromised with the recent leak but I am more concerned about personal security.

“As Malaysia does not have a cybersecurity Act, how can the government ensure the people’s data does not leak?” he asked at a forum titled Security Concerns in Critical Value Chains.

Murugason said the government should develop a “sovereign cybersecurity framework” with data stored within the country rather than on servers abroad.

Storing data abroad was akin to giving the data to another country and could jeopardise the safety of the information, he said.

He encouraged the government and the private sector to collaborate in sharing expertise and intelligence in order for the country’s cybersecurity to be effective.

It was recently reported that a dataset purportedly belonging to the National Registration Department (JPN) had been put up for sale online. Home minister Hamzah Zainudin, in responding to the leak, said the dataset did not belong to JPN.

The dataset is said to contain information, including the full names, IC numbers, addresses and photographs of about 22.5 million Malaysians born between 1940 and 2004.

Bukit Aman commercial crime investigation department director Kamarudin Md Din has confirmed that police are investigating the matter.