S’porean Motorists Applying For VEP In Malaysia Risk Personal Info Being Leaked

S’porean Motorists Risk Leak Of Personal Info Through VEP Application

Starting from October, Singaporean motorists will need to apply for a vehicle entry permit (VEP) to visit Malaysia.

On Friday (26 Apr), MS News reported that motorists can register at Malaysia’s VEP website.

If you haven’t registered for a VEP yet, then hold on and take a breather.

Motorists could get their personal information leaked due to a loophole, reports The Straits Times on Friday (26 Apr).

Here’s our detailed summary of the saga, which could impact thousands of registered locals.

Personal data viewed by other VEP holders

On Friday (26 Apr), Singaporean driver Mohamadd Hafiz sent the website’s URL to his nephew so he could register too.

He recalled in an interview,

When he opened the page, he was surprised he was staring at my own details and not his.

Mr Hafiz, an IT specialist, made slight modifications to the URL.

He quickly discovered the personal data of other motorists such as their address, passport number, email and phone number.

 

For starters, here’s a sample VEP profile.

Source

Mr Hafiz said that Malaysian authorities should have done a website penetration test so that personal data was not easily available.

The Straits Times contacts Malaysian authorities

Upon the discovery of the loophole, The Straits Times contacted Malaysian authorities at 12:00pm on Friday (April 26).

The site was under maintenance a few hours later.

Source

As of 11:00am on Saturday (April 27), the VEP Portal is back in action.

Source

Risk of access for shady purposes & marketing ploys

According to Mr Roger Rajan from JMS Rogers, companies in the finance and marketing industry can access the information.

He told The Straits Times,

Some business people would be overjoyed to have this type of information for free. With it, background checks can be done.

Applicants may also be targets for loan scams and marketing ploys.

While passwords can easily change, addresses and passport numbers don’t share the same fate.

Mr Aloysius Cheang – an executive of the Centre for Strategic + Security Science – said that the leak meant addresses and passport numbers were longer an effective means to verify an individual’s identity.

Malaysia’s Personal Data Protection Act (PDPA)

The Malaysian Personal Data Protection Act 2010 had a set of requirements and responsibilities for businesses that aggregate the personal information of employees and customers.

The penalty for violating the act is a fine not exceeding RM 300,000 ($98,870) and/or imprisonment not exceeding 2 years.

Mr Foong Cheng Leong – a lawyer who specialised in data protection – told The Straits Times that the PDPA does not apply to Malaysian government agencies.

He said,

There may be no recourse against the Government unless there is a breach of contract. But the data subjects may still sue for negligence.

Keep waiting for updates

There’s still a few months before October so stay tuned for updates.

VEP applicants should wait for Malaysian authorities to solve the website’s issues.

In the future, we hope businesses and organisations will conduct tests to ensure that users’ personal information will remain private.

Featured image from Edgeprop and Malaysia Vehicle Entry Permit

Monique Danao

When Monique's not writing, you'll find her enjoying funky food, listening to music and playing RPGs.

Recent Posts

Woman in M’sia runs ‘school bus’ for dogs after finding pet daycare costs unreasonable

For S$11 to S$13 per day, the service takes its paw-sengers on exciting adventures.

22 Nov 2024, 3:40 pm

3 vehicles involved in crash at Woodlands Checkpoint, 2 people sent to hospital

The two individuals conveyed to hospital include an 8-year-old boy.

22 Nov 2024, 1:31 pm

Pizza Hut China unveils pizza with whole fried frog, leaves customers stunned

When you get a little too innovative with pizza.

22 Nov 2024, 1:17 pm

40 kindergarteners & teachers trapped in M’sia cave during flash flood, rescued after 2 hours

Authorities ferried all 40 out of the cave using a boat within 2 hours.

22 Nov 2024, 12:29 pm

Man in US who called police for help killed by officer while fighting home intruder

The family's attorney has called for an immediate arrest warrant for the officer and for…

22 Nov 2024, 12:25 pm