Bukit Aman’s commercial crime investigation department director Ramli Yoosuf said the suspects, aged between 34 and 52, were arrested during Op Kapas on Sept 5.

The suspects comprise four Malaysians and one Pakistani national, who is believed to be the mastermind of the syndicate.

Ramli said the syndicate stole personal data by hacking into systems used by various companies and agencies.

The stolen information, including names, identity card numbers, home addresses, bank account details and mobile phone numbers, were then uploaded to a portal known as Query Smart Search, he said.

“Access to this portal was rented out to interested individuals at a rate of RM200 to RM800 per month. Some data was also sold directly to buyers for between RM1.50 and RM2 per record,” he told a press conference.

Present at the press conference were the personal data protection department’s commissioner, Nazri Kama, and CyberSecurity Malaysia chief technology officer Wan Roshaimi Wan Abdullah.

Ramli said the syndicate’s activities were initially detected by CyberSecurity Malaysia after monitoring a website, dataserver1.mypsx.net, which contained user information believed to be registered with various companies and agencies.

He said most of the identified renters and buyers were unlicensed debt collection companies, and the authorities also believed that other syndicates might have used the services.

The Pakistani national was charged on Oct 11 with two counts under Section 130(4) of the Personal Data Protection Act 2010 for selling personal data, punishable under Section 130(7) of the same Act.

“The 47-year-old Pakistani man entered Malaysia as a general worker about 10 years ago but is believed to have been involved in online hacking for about a year,” he said.

Ramli said the other four suspects, three of whom are believed to be unlicensed debt collectors, were released on police bail.