I would like to voice my concern that some personal information of Malaysian citizens might fall onto the wrong hands via a publically accessible website.

As we know, the election is around the corner. Suruhanjaya Pilihan Raya (SPR) has put up a site to allow the public to query their registration status as well as location for casting their votes. This is indeed a great convenience to the public but the authorities might have overlooked the risks that it might pose to the public.

The site's functionality includes the ability to pull out one's name, gender, locality, place for casting vote and so on when you key in one's IC number. Hence, one could easily punch in some random number that resembles someone else's IC, and pull out the same information regarding that person.

In my opinion that is already too much of information being revealed with so little controls in place, and is definitely a threat to the public. Take for instance, by randomly punching in a string of numbers that resemble our IC number format to this public accessible website, an ill-minded person would be able to extract the above mentioned personal information of a Malaysian citizen, pose as a representative of public institution or a bank official and exploit the personal information obtained.

A likely scenario would be to first call you up, then provide enough verification information such as your location, IC number, name and so on to gain your trust, and work out the rest using social engineering techniques. I also have concerns that these methods of getting personal information through a public accessible website might fall into hands of crime syndicates, locally and abroad, that would love to get hold of this easy method of obtaining information of Malaysian citizens.

Pardon my paranoia, but I think I painted a picture that is clear enough to be scary. I hope the authorities could assist in evaluating the risk involved on this issue, and notify the relevant parties for their action.