PETALING JAYA: Cybercrime in Malaysia has become an escalating concern, with the number of cases soaring in recent years.
Cybercriminals are increasingly using sophisticated tactics to steal and sell personal data, creating unease regarding digital security and gaps in enforcement.
Bukit Aman Commercial Crime Investigation Department (CCID) director Datuk Seri Ramli Mohamed Yoosuf said cybercriminals commonly use phishing attacks, malware, hacking and social engineering to infiltrate businesses, financial institutions and government agencies.
“Stolen data is often traded on the dark web, making it difficult to track and recover.”
He said police, in collaboration with the Malaysian Communications and Multimedia Commission and CyberSecurity Malaysia, have been investigating such cases.
He also said the Digital Ministry has introduced a new intelligence system aimed at tracking and preventing data breaches.
“The system allows real-time intelligence sharing between police and the Personal Data Protection Commissioner’s Office. This would help us detect and take action against cybercriminals more effectively.”
Ramli acknowledged that while Malaysia has laws such as the Personal Data Protection Act (PDPA) 2010 and the Computer Crimes Act 1997, penalties need to be strengthened to keep up with evolving cyber threats.
“We must continuously review and enhance legal provisions. Increasing fines, expanding legal coverage and imposing stricter penalties would serve as stronger deterrents.”
He said one of the biggest challenges in addressing data breaches is the anonymity of cybercriminals, especially those operating from foreign jurisdictions, adding that encryption, VPNs and cryptocurrency transactions make them harder to track.
“Many operate from countries with weak enforcement, slowing investigations. But police are working with Interpol, the Asean National Police and foreign agencies to track them.”
He urged businesses and the public to take proactive steps in safeguarding personal data, including by complying with the PDPA, using multifactor authentication and restricting access to sensitive information.
Ramli was reported as saying that 22,911 individuals were arrested last year on suspicion of being involved in various commercial crimes that resulted in losses amounting to RM2.11 billion.
He said fraud accounted for the highest number of cases at 36,030, with losses of RM1.679 billion, followed by criminal breach of trust at 1,215 cases, with losses of RM380 million.
The cases recorded include 994 cases under the Moneylenders Act 1951 involving losses of RM5.4 million, 970 cases of counterfeit banknotes involving losses of RM385 million, 867 cases of cybercrime involving losses of RM35.63 million, 138 cases of forgery involving losses of RM6.87 million, 47 cases of misappropriation of property involving losses of RM2.54 million, and 89 other cases involving losses of RM803 million.
Malaysia CyberSecurity Community public communication secretariat Emma Rahim said data breaches have skyrocketed from 50 cases in 2022 to 646 in 2023, adding that by the end of Q3 in 2024, there were 427 incidents reported.
She pointed out that many breaches stem from human error, such as employees accidentally exposing sensitive data online.
She said while banks and telecommunication companies follow stricter data protection laws, SMEs remain vulnerable due to limited budgets and cybersecurity awareness.
“Many businesses do not prioritise cybersecurity until after a breach occurs, which is a dangerous oversight.”
She welcomed the Digital Ministry’s proposed intelligence system but stressed that technology alone would not solve the data breach crisis.
“Without stronger enforcement, legal reforms and international cooperation, cybercriminals will continue to find ways to evade detection.”
She called for stricter penalties under the PDPA to ensure businesses take responsibility for data security and urged companies to invest in employee training, regular security audits and appoint data protection officers to strengthen their defences.
Individuals who suspect their data has been stolen can report the incident to the CCID Scam Response Centre at 03-2610 1559 or 03-2610 1599, or contact CyberSecurity Malaysia’s Cyber999 service for assistance.
