Experian Malaysia gets BNM nod to resume CCRIS access
By Digital News Asia October 25, 2021
- Extensive internal security investigation clears consumer credit bureau’s systems
- Suspension ordered on 30 Sept after BNM found credible cyber security threat
Bank Negara Malaysia (BNM) has accepted the findings of the security assessment provided by Experian Information Services (Malaysia) Sdn Bhd and is restoring Experian’s access to the Central Credit Reference Information System (CCRIS) on 25 October 2021, with immediate effect. Experian’s services and reports containing CCRIS data will then be available as normal to all businesses and consumers.
On 30 Sept, BNM issued a temporary suspension of CCRIS access to all Credit Reporting Agencies (CRAs) including Experian as a proactive and precautionary measure due to a credible cyber threat.
In line with BNM’s directive, Experian conducted an extensive internal security investigation and engaged an independent global expert in cyber security to conduct a security compromise assessment. All investigations have found no evidence of any compromise in Experian’s systems, servers or facilities. Experian has also actively supported BNM in their investigation by providing all relevant compromise assessment documentation as requested by the central bank on 14 Oct.
Consequently, BNM has lifted the suspension of Experian’s access to CCRIS.
Experian is a global industry leader in data security, operating 24 consumer credit bureaux globally, and invests heavily in cyber security with specialist teams, state-of-the-art technology and rigorous due diligence procedures to deal with potential threats. Experian’s Global Security Operations Centre works around the clock to identify suspicious or malicious activity, with teams on the ground in Malaysia, the UK and the USA, as well as automated tools and AI.
“As cyberthreats mount and the complexity of such threats advance, Experian understands how critically important it is for us to maintain global, best-in-class information security systems and protocols in place to protect the data integrity of businesses and consumers today and for the future. We frequently conduct regular checks and audits to ensure that we protect our IT infrastructure, edge devices, networks, and data. Above and beyond this is our people investment which consists of global leading information and cybersecurity security professionals and consultants, who put our systems through rigorous and robust stress tests and reporting. Another additional area where we demonstrate our commitment to Malaysia is through our attainment as the country’s only CRA to be awarded the global ISO27001:2013 information security certification since 2017.”
“As the first CRA in Malaysia to have its CCRIS access reinstated, Experian is currently working actively with clients and consumers to provide the support they may need to re-establish any information gaps they may have experienced over the course of this temporary disruption. Our goal is to enable them to return to business as usual expeditiously, with the highest level of service and commitment they have always received,” assured Dawn Lai, CEO, Experian.
Experian continues to make its JagaMyID identity monitoring service available for free for 3 months to all Malaysians as a precautionary measure to help Malaysian consumers safeguard their identities on the dark web. Consumers are encouraged to register for their free 3-month subscription to Experian JagaMyID at https://www.mycreditinfo.com.my/ before 31 Oct.