PUTRAJAYA, July 24 — The massive information technology (IT) outage reported by cybersecurity firm CrowdStrike on July 20 that disrupted services around the world, including at Kuala Lumpur International Airport (KLIA) Terminal 2, was not a cyber attack, Digital Minister Govind Singh said.
Elaborating further, Govind said the incident was a failure on CrowdStrike’s part and the government has sought an explanation from Microsoft.
“When the incident happened, many people asked the government whether this was a cyber attack and what the government is doing to resolve it,” he said at a press conference at the ministry.
“That’s why we wanted to hold this press conference to make it clear that this was not a cybersecurity incident, that this was not the fault of the government, that it happened because of a weakness in the system.
“That is why I asked for the report and people know it was a power outage. Going forward, I want to assure everyone that my ministry is prioritizing security. Since January, we have been moving swiftly through Parliament to implement various pieces of legislation, including the Cybersecurity Act and amendments to the PDPA (Personal Data Protection Act).”
“We have also called the necessary parties involved to explain what happened and have clearly laid out what we expect from them – the highest standards. We want to ensure that an incident like this never happens again and if it does happen, we need to have a response plan to deal with such an incident,” he added.
Govind said five government agencies were affected during the power outage – the Ministry of Transport, Ministry of Education, Ministry of Rural Development, National Health Institute and Lembaga Zakat Kedah.
He said no data was stolen during the outage and the agencies involved have returned to normal operations.
Govind also warned the public not to trust people pretending to offer help with Windows operations due to issues posed by CrowdStrike.
He said the ministry had received reports of people using the aftermath to phish for personal information.
“We have seen a number of new domains emerge which are malicious individuals attempting to commit scams and fraud and steal your information. These individuals are conducting phishing activities to steal your information and use it for criminal activities. Please be aware of this and rest assured that the Government is taking this issue very seriously.
“This incident shows why there is an urgent need to put in place a better digital platform management system. The Digital Ministry has been taking steps in this direction by introducing and improving the Cybersecurity Act 2024 and the proposed amendments to the PDPA,” he added.
Last Friday, it was reported that a global IT outage had affected major institutions including airlines, banks, media channels and hospitals in several countries.
The outage was linked to global cybersecurity firm CrowdStrike Holdings, an Austin, Texas-based American cybersecurity technology company that provides endpoint protection, threat intelligence and cyberattack response services.
