Starting from October, Singaporean motorists will need to apply for a vehicle entry permit (VEP) to visit Malaysia.
On Friday (26 Apr), MS News reported that motorists can register at Malaysia’s VEP website.
If you haven’t registered for a VEP yet, then hold on and take a breather.
Motorists could get their personal information leaked due to a loophole, reports The Straits Times on Friday (26 Apr).
Here’s our detailed summary of the saga, which could impact thousands of registered locals.
On Friday (26 Apr), Singaporean driver Mohamadd Hafiz sent the website’s URL to his nephew so he could register too.
He recalled in an interview,
When he opened the page, he was surprised he was staring at my own details and not his.
Mr Hafiz, an IT specialist, made slight modifications to the URL.
He quickly discovered the personal data of other motorists such as their address, passport number, email and phone number.
For starters, here’s a sample VEP profile.
Mr Hafiz said that Malaysian authorities should have done a website penetration test so that personal data was not easily available.
Upon the discovery of the loophole, The Straits Times contacted Malaysian authorities at 12:00pm on Friday (April 26).
The site was under maintenance a few hours later.
As of 11:00am on Saturday (April 27), the VEP Portal is back in action.
According to Mr Roger Rajan from JMS Rogers, companies in the finance and marketing industry can access the information.
He told The Straits Times,
Some business people would be overjoyed to have this type of information for free. With it, background checks can be done.
Applicants may also be targets for loan scams and marketing ploys.
While passwords can easily change, addresses and passport numbers don’t share the same fate.
Mr Aloysius Cheang – an executive of the Centre for Strategic + Security Science – said that the leak meant addresses and passport numbers were longer an effective means to verify an individual’s identity.
The Malaysian Personal Data Protection Act 2010 had a set of requirements and responsibilities for businesses that aggregate the personal information of employees and customers.
The penalty for violating the act is a fine not exceeding RM 300,000 ($98,870) and/or imprisonment not exceeding 2 years.
Mr Foong Cheng Leong – a lawyer who specialised in data protection – told The Straits Times that the PDPA does not apply to Malaysian government agencies.
He said,
There may be no recourse against the Government unless there is a breach of contract. But the data subjects may still sue for negligence.
There’s still a few months before October so stay tuned for updates.
VEP applicants should wait for Malaysian authorities to solve the website’s issues.
In the future, we hope businesses and organisations will conduct tests to ensure that users’ personal information will remain private.
Featured image from Edgeprop and Malaysia Vehicle Entry Permit.
For S$11 to S$13 per day, the service takes its paw-sengers on exciting adventures.
The banana was purchased for S$0.50.
The two individuals conveyed to hospital include an 8-year-old boy.
When you get a little too innovative with pizza.
Authorities ferried all 40 out of the cave using a boat within 2 hours.
The family's attorney has called for an immediate arrest warrant for the officer and for…