It said the cybersecurity breach was the result of a sophisticated intrusion by an unidentified party.
“The intrusion specifically targeted card data from online transactions,” iPay88 said in a statement.
“There was no impact on transactions made through Android terminals, e-wallet QR payments, online banking, buy-now-pay-later (BNPL) services, vending machines, point of sale (PoS) and batch card payment.”
It also said containment and remedial action were successfully completed by July 20, with no further intrusion detected since then.
In August, iPay88 confirmed experiencing a cybersecurity breach, saying an investigation was initiated on May 31 with cybersecurity experts roped in to mitigate the issue.
It did not specify when the security breach occurred.
In a separate statement, Bank Negara Malaysia (BNM) said iPay88 had taken the necessary containment and rectification measures to address gaps that were identified following the completion of an independent forensic investigation.
BNM said it had instructed iPay88 to undertake additional measures to further strengthen its cyber security controls and IT infrastructure to ensure that similar incidents did not occur in the future.
“BNM will continue to monitor iPay88’s implementation of these measures and, where appropriate, will undertake further supervisory or enforcement action,” it said.
The central bank also said it had directed banks and card issuers to maintain “heightened vigilance” over the activities of cards that may be at risk.
Stay current - Follow FMT on WhatsApp, Google news and Telegram