The newly launched PADU platform — short for Pangkalan Data Utama and better known as the Central Database Hub — had its massive launch event on January 3 with much fanfare. The nationwide attention it received had not been unsurprising as PADU and anything related to it dominated the headlines for weeks.
For easy reference, PADU is a centralised data hub that will house the background information and personal data of Malaysians that have registered. It is expected for all Malaysians to register and update their profile on PADU to ensure they are part of upcoming targeted subsidies that the Malaysia Ministry of Economy is expected to rollout this year.
Since its launch earlier this week, it is easy to set expectations that PADU will remain the talk of the town for the coming days. Of course, even with its much-publicised launch, it is now populating top headlines and searches for the wrong reasons.
Major concerns about PADU include:
- Lack of comprehensive data privacy protections and functions
- Missing and incomplete data for users that have registered on PADU
- Not linked to existing data-sets that are available across various ministries and agencies — these are the ones that contain critical data and personal details of all Malaysians
- Various back-end vulnerabilities that can be exploited to steal user data
- Having no direct enforcement or detailed plans to prevent user account hijacking
Of these top issues, the most concerning is how anyone can change a user’s password if the hacker has the idenfication card number of their targeted victims.
“(Admittedly,) the weaknesses (for) the handling of (user) authentication had not been found during the Security Posture Assessment (SPA). The team had taken immediate action and resolved this issue within an hour,” shared Rafizi Ramli, Malaysian Economy Minister, in a lengthy post on X.
There are other issues as well, specifically with the web-portal coding, user interface, and overall experience. While Rafizi acknowledged these issues, he also had been quick to share how they are being addressed swiftly. He also made it a point to welcome any feedback from all Malaysians to ensure PADU can continue to optimise.
On concerns that the electronic Know-Your-Customer (e-KYC) function is not activated immediately upon registration, Rafizi shared how users can update their personal information before the e-KYC is activated. “This is to ensure a smoother process and information can be updated quickly before users go through the e-KYC process. It will only be implemented after the information is updated and a profile is sent for confirmation and acknowledgement,” he added.
Rafizi also revealed how PADU can register up to five individual accounts on a single phone number as it will help facilitate the registration of family members who did not own smart devices.
All Malaysians are expected to register and fill up their details on PADU to ensure they are included in targeted subsidy programmes; confirm their personal data is accurate and correct as all public agencies working with personal data will be connected to PADU; and be a more proactive participant in updating, managing, and securing their own user information.
In doing so, and once the e-KYC is acknowledged and fully deployed, Malaysians will no longer be defined based solely on their household incomes and, instead, be identified more with what their lifestyle is like, earning power, and life priorities.