Today we will explore Malaysia’s significant step towards mitigating data leaks and the consequences of a 2022 ransomware attack on a British IT company.

Deputy Communications Minister of Malaysia Teo Nie Ching has announced the introduction of a Data Breach Notification system for immediate reporting and mitigation of data leaks. In the event that citizens face personal data leakage or hacking threats, they must submit a notification to the system. This solution enables the rapid analysis of incident data, allowing immediate action to prevent further leaks and manage ongoing impacts effectively. The initiative is aimed at preventing Malaysians from falling victim to scammers. “The government is dedicated to maintaining public confidence in the country’s data management practices”, said the minister.

Earlier, Malaysia established a National Scam Response Centre (NSRC). The center focuses on sharing information, coordinating efforts, assessing the need for legislative improvements, and addressing the global nature of fraudulent activities.

While some are trying to protect citizens from being scammed, others are facing heavy fines and penalties for failing to protect people’s data. The UK's Information Commissioner's Office (ICO) has announced its decision to fine Advanced Computer Software Group Ltd. (Advanced), a British IT service and hosting provider, £7.7 million ($9.6 million) for a 2022 ransomware attack.

The incident that occurred 2 years ago impacted hundreds of public and private entities, including NHS 111, and various healthcare products such as Adastra, Caresys, Odyssey, Carenotes, Crosscare, Staffplan, and eFinancials. As a result of the breach, the personal data of more than 80,000 people, including sensitive financial and health information, was exposed. According to UK Information Commissioner John Edwards’ statement, the company failed to implement adequate security measures.

The $7.7 million fine has not been imposed yet; the ICO is awaiting a response from Advanced before making a final decision, so the amount may change. If Advanced cannot provide convincing arguments and the fine remains at $7.74 million, the penalty will equate to $93.30 per exposed person, which is very high in comparison to previous cases.

As data-related risks are multiplying day by day, it is quite easy to get fined for failing to protect corporate or customer information. If you want to ensure comprehensive security of your data assets and comply with the law, try our Managed Security Service. SearchInform MSS is a reliable knight of the Order of Information Security!