Here’s how Malaysia’s central database hub can be compromised by cybercriminals

The current PDPA laws in Malaysia exclude government agencies. Hence, if a data breach was to occur on the database, who would be responsible for it?

Aaron Raj, Techwire

One of the biggest problems with data collected by government agencies is that it is often stored in silos by the respective agencies. Accessing all this data through a single platform or hub would ideally be the most effective way to gain comprehensive insights.

The Malaysian government has just launched the country’s national central database hub. Called Padu, the system will contain individual and household profiles of citizens and permanent residents in the country.

proactive cybersecurity


The entire central database hub, developed locally, took around six months to complete. Since its launch, thousands of Malaysians have rushed to register their accounts, leading to such high registration traffic that the system briefly struggled to cope with the demand.

While most Malaysians were impressed that the government had finally launched a system consolidating all necessary information in one location, there were concerns about the security features of the Padu system. Comments on social media highlighted weaknesses in some features, particularly in user registration processes.

Rafizi Ramli, Malaysia’s Economic Minister who is overseeing the database, said that the government is aware of the cybersecurity concerns and has taken the measures needed to protect the data in Padu.

When the government handles data of this size, the risk in terms of data intrusion and security is a significant concern. The development of Padu has taken into account all the aspects of system security risks and classified information breaches,” he said.

In a report by Channel News Asia, the minister added that measures adopted include establishing comprehensive standard operating procedures as well as strategic cooperation between groups – namely the National Cyber Security Agency (NACSA), the Office of the Chief Government Security Officer (CGSO), CyberSecurity Malaysia and the Department of Personal Data Protection (PDP).

“The government has also appointed a group of independent experts with expertise in various fields who act as a check and balance in ensuring that Padu’s development includes the latest and best safety features,” added the minister.

Padu developers were quick to fix a flaw after it was highlighted on X.

Padu developers were quick to fix a flaw after it was highlighted on X.

How secure is Padu?

Several cybersecurity professionals in Malaysia have raised concerns about the Padu database. Given that the database is also expected to underpin the country’s forthcoming digital ID, many emphasize the need for developers to ensure the absence of backdoors that could be exploited by cybercriminals to compromise the system.

According to a report by The StarCyberSecurity Malaysia (CSM) chief executive officer Datuk Dr Amiruddin Abdul Wahab said that cyberthreats to the data of millions of Malaysians are real and constantly evolving with technological advancements. Despite this concern, he assured readers that the responsible authorities have undertaken all necessary measures to secure Padu.

Read more here