Zurairi Ar reports:
The Ministry of Education’s School Examination Analysis System (SAPS) was taken offline yesterday, following the discovery of a security exploit that could have potentially exposed the personal details of more than 10 million citizens.
Malay Mail was alerted to the vulnerability on Friday evening by a reader, who insisted on remaining anonymous and had reached out to the media after claiming the ministry had previously ignored his warning.
The paper later alerted the Malaysian Computer Emergency Response Team (MyCERT), following consultations with tech blogger Keith Rozario, who has covered data breaches extensively, and Khairil Yusof, the co-founder of local technology advocacy group Sinar Project.
MyCERT responded to Malay Mail on Saturday noon, and the website was later taken down that same day.
Read more on Malay Mail.
So the person who discovered the SQL injection vulnerability tried responsible disclosure and got ignored by a government agency? What consequences will there be for the employees who ignored the notification?