CCRIS Service Suspension: What’s Going On And Should You Be Worried?
On October 1, 2021, The Edge newspaper reported that Bank Negara Malaysia had suspended all Central Credit Reference Information System (CCRIS) services to credit reporting agencies.
A day later, BNM confirmed the report and explained that it was a preemptive measure while a potential data leak is being investigated. Details of the potential threat are being withheld at the moment, but both CTOS and Experian credit reporting agencies have confirmed that their services are currently unavailable.
What’s going on?
At the moment, here’s the sequence of reported events. At the end of September, there was a report of a possible database leak from the National Registration Department (JPN). A person was found to be selling what he/she claimed to be a massive database of information stolen from JPN on a well-known black market website.
The stolen data has not been verified, and the Home Ministry has claimed that there has been no breach of security within the JPN. However, the police have announced that they are investigating the matter.
There is currently no reason to believe that these two incidents are linked. However, the timing that has happened indicates that CCRIS is at least concerned about a data breach; whether it was from this incident or from a completely different threat.
In other words, until a breach has been confirmed, it is likely that BNM and CCRIS are taking preemptive measures to ensure that nothing happens to your valuable financial information.
How does it affect you?
The most common question would be how does this affect your daily life? For the most part, it doesn’t have much of an impact. People don’t check their credit scores regularly, so the suspension of services does not have a direct impact on you.
However, as a precaution, you should be doing a full audit of your online banking accounts. After all, there is a chance that you have never actually changed your online banking password; so this is as good a time as ever to actually update your security.
You should also be looking into all the places that have your credit card information stored, e.g. online shopping and travel booking sites. Best practices say that passwords and credit card information should be encrypted, but you cannot always be sure.
The best practice for yourself should be to never allow a website to store your credit card information and manually enter it every time you want to make a purchase. So it would be a good idea to delete your credit card information from these sites just in case.
At the moment, there is nothing to actually be worried about. It would be best to wait for the authorities to finish their investigations and announce what happened.