Nacsa said it was taking the allegations seriously, and that its experts were working to verify the claims and assess the extent of the potential data leak, The Star reported.

“Nacsa is committed to safeguarding personal data and will take the necessary action based on our findings,” the agency said.

It also urged the public to monitor their bank accounts and credit reports for suspicious transactions, and to be wary of unsolicited communications, particularly if they receive links or attachments from unknown numbers.

Nacsa also advised against spreading unconfirmed reports on the matter.

The issue was flagged on social media yesterday, with the alleged perpetrators sharing pictures of MyKads on the dark web to prove their claim.

Digital minister Gobind Singh Deo previously said his ministry would thoroughly assess calls for the government to be made liable for personal data leaks involving government agencies.

Gobind said his ministry, through the Personal Data Protection Commissioner’s office, had received reports of personal data leaks from other agencies including the police, Bank Negara Malaysia and the Malaysian Communications and Multimedia Commission.

In 2023, the Social Security Organisation suffered a data breach in which personal information such as MyKad numbers, salaries, addresses and phone numbers was leaked by a hacker group.

Meanwhile, in August, more than 300GB of Prasarana Malaysia Bhd’s private data was reportedly leaked, with cybercriminal gang RansomHub claiming responsibility and demanding that the public transport operator pay an undisclosed sum as ransom.