Lukanisman said the cyberattack was “massive” and had targeted 1.12 million user data, while the super admin account’s download of the information sets was part of existing protocol.

He said he could not disclose further details as the police were investigating the downloading of the data through the super admin.

Responding to the Auditor-General’s (A-G) Report that there were 1.12 million attempted cyberattacks against the application, the deputy minister said MySejahtera’s operator managed to fend these off while no leakages occurred.

He was responding to a question from Ahmad Yunus Hairi (PN-Kuala Langat), who asked what safeguards were in place following the attempted breach as disclosed in the A-G’s report.

The report had raised several questions about the records stored in MySejahtera and found that the super admin account had downloaded three million information sets through various IP addresses.

It also said the account was later cancelled on Nov 2, 2021, two days after its final data download.

Govt has full rights over usage of MySejahtera

Lukanisman also said Putrajaya had full rights over the use of MySejahtera through a “perpetual licence” with no costs.

He said this was among the items agreed upon in talks between the health ministry and MySJ Sdn Bhd over the purchase of the application.

He said the government owned the application’s intellectual property rights, source codes of developed modules, data, brand, and logo.

He said the government can develop additional modules without any hindrances with the perpetual license, while a ceiling price of RM160 million has been fixed to procure the app from MySJ.

The outcome of negotiations with the company will be presented to the Cabinet soon, along with the ministry’s direction for the app.