The company is working with regulators to investigate the matter and assures that there will be no disruptions to its services.

[UPDATE: 29 Aug 2024 – 11:30am] 

senangPay has issued a follow up statement saying that it has taken all necessary actions and have fully resolved the data security issue. It added that all potential vulnerabilities have been addressed, with no disruption to its services throughout the process.

The company assures that its merchants’ information remains secure and all precautionary measures have been advised to them for further security enhancement. senangPay says it will continue to work closely with regulators on further inspections to mitigate any future security risks.

[Original Story: 28 Aug 2024 – 11:59am]

A threat actor has claimed responsibility for a data breach involving local payment solutions provider senangPay. In a post made on a dark web forum, the individual alleged that they had accessed the company’s systems and stolen a substantial amount of sensitive personal and financial data.

For the uninitiated, senangPay is an online payment gateway that enables merchants to receive and collect payments from customers through credit/debit cards, internet banking (FPX), BNPL (Buy Now, Pay Later) and e-wallets. It is managed by SimplePay Gateway Sdn Bhd, registered under Bank Negara Malaysia as a Merchant Acquiring Services provider, and is also a member partner to national payments network PayNet. Additionally, it is also registered with Mastercard International as a Payment Facilitator (PF) for the Asia Pacific region. In 2021, senangPay was acquired by Doku, a licensed payment fintech company in Indonesia.

According to the threat actor, the alleged stolen data includes personal information such as names, Malaysian IC numbers, phone numbers, email addresses, business registration details, and Malaysian bank BIN numbers. The breach reportedly involved three SQL files containing detailed datasets, including the main senangPay application database with 97 tables, a backup version of this file, and another file related to Zakat payments processed through its payment system.

The attacker is demanding a ransom of 2 BTC (~RM516,305) for the stolen data and has offered to handle the transaction through escrow services. senangPay has been given priority in purchasing the data, but the seller has also invited interested parties to contact them directly through the forum.

Responding to our request for comment, senangPay says it is aware of rumours regarding a data leak within its database. The company adds that it is taking such allegations seriously and is working closely with regulators to investigate this matter. senangPay is also assuring that there will be no disruption to its services.

(Source: dailydarkweb.net)