Netizens Cry Data Leakage At Mytax Portal

---

The Inland Revenue Board (IRB) has come under the spotlight over alleged data leakage at its online portal for taxpayers to file their taxes, among others.
Earlier today, netizens took to social media to complain that taxpayers’ personal information could easily be accessed by anyone through IRB’s MyTax website, which serves as a one-stop centre for taxpayers to handle their tax matters online.
According to publicly available postings on Facebook, netizens including IT experts pointed out that one only needs a person’s MyKad number to access sensitive information such as home address, telephone number, bank account number, email address, and tax number.
“It is dangerous to have a government system that works like this. You just key in the IC (MyKad) number and, before you even finish the login process, all data is already made available, including your security phrase.
“One only needs your IC numbers to get your home address, telephone number, and bank account numbers, among others,” said Facebook user Muhammad Fauzzury.

A Facebook page named “Pendakwah Teknologi”, which has over 21,000 followers, detailed the steps on how the information could be accessed by anyone armed with a taxpayer’s identity card number.
“I seldom get angry but, today, there is one problem that made me really upset. This problem involves the MyTax system utilised by the IRB.
“Do you know that we can use this MyTax system to access personal information of an individual with only their identity card number? You don’t even need their password.
“Thank you for this system that is very safe. A very good example of how data can be leaked,” it said sarcastically.
The page also tagged Communications and Digital Minister Fahmi Fadzil in its post.
Another Facebook user who pointed to the same issue jokingly suggested that the public should use the opportunity to get juicy information about politicians.
“A few politicians have their IC public, I guess you can check their phone number this way,” he said.
Malaysiakini has reached IRB and Fahmi to get their response to the issue.
Root cause remains unaddressed
It was learned that the MyTax website was down since this afternoon but it could not be ascertained if it had to do with the data leakage issue.
However, checks at 4.30pm found that the site is back online again, with the loophole seemingly plugged.
It was learned that the page administrator has encrypted personal data on the website and the information is no longer accessible to the public.
Nevertheless, a programmer told Malaysiakini that the root cause of the problem remains unaddressed.
He also showed a screenshot demonstrating how a person’s phone number, email, and address are publicly displayed just by keying in the person’s IC number to an API (application programming interface) address. API refers to software designed to communicate and share data with other software.
“They just hide the unlocked door, but if you know where the door is, you still can get in. So, the problem is still there - the door still remains unlocked,” he said.
Despite this, the IRB said the taxpayer data it keeps remains safe.
“The IRB wishes to emphasise that the secrecy of taxpayer data on the MyTax platform is safe and secure because it is protected by recognised data security technology.
“The IRB view the issue seriously and gives it the highest priority in efforts to improve taxpayers’ confidence and trust towards the IRB on tax administration matters,” it said in a statement today. - Mkini

---