MyKad Identity Theft in Malaysia: How Your IC Number Gets Misused
Your MyKad IC number is more valuable than you think. Learn how identity thieves in Malaysia misuse IC numbers for loan fraud, SIM registration abuse, and more — and how to protect yourself.
MyKad Identity Theft in Malaysia: How Your IC Number Gets Misused
Your MyKad is more than just an identification card. It is the master key to your financial life in Malaysia. Your 12-digit IC number — your NRIC — is used to open bank accounts, apply for loans, register SIM cards, sign contracts, and access government services. When that number falls into the wrong hands, the consequences can be devastating.
In 2025, PDRM (Royal Malaysia Police) reported that identity theft cases involving MyKad information rose by over 40% compared to the previous year. Many victims only discover the fraud when debt collectors come knocking for loans they never took out.
How Your IC Number Gets Stolen
Physical MyKad Theft or Photocopying
Despite the push toward digital services, many Malaysian businesses still routinely photocopy your MyKad. Job applications, hotel check-ins, property viewings, gym memberships — your IC gets copied dozens of times throughout the year. Not all of these copies are stored securely, and some end up in the wrong hands.
Data Breaches
Malaysia has experienced several significant data breaches over the past few years. Databases containing millions of IC numbers, phone numbers, and addresses have been leaked and sold on underground forums. If your information was part of any of these breaches, criminals may already have your details.
Social Media Oversharing
Some Malaysians inadvertently expose their IC number through social media. Posting photos of new driving licenses, university ID cards, or even vaccination certificates can reveal enough personal information for identity fraud.
Phishing and Social Engineering
Scammers posing as bank officers, government officials, or delivery agents extract IC numbers through phone calls, WhatsApp messages, and fake forms. A common tactic involves fake LHDN (tax authority) messages asking you to "verify your identity" by providing your IC number and other personal details.
What Criminals Do with Your IC Number
| Type of Fraud | How It Works | Impact on Victim |
|---|---|---|
| Loan fraud | Apply for personal loans or credit cards using your IC | Victim inherits debt and credit record damage |
| SIM registration | Register prepaid SIM cards under your name | SIMs used for scam calls, you face investigation |
| Bank account opening | Open mule accounts for money laundering | Victim may be implicated in criminal activity |
| Government benefit fraud | Claim subsidies or benefits in your name | Legitimate claims get rejected |
| Hire purchase fraud | Buy vehicles or equipment on installment | Victim receives payment demands and legal action |
| Phone contract fraud | Sign postpaid mobile contracts | Unexpected bills and credit score damage |
The SIM Registration Problem
Since Malaysia's mandatory SIM registration under MCMC requires IC verification, stolen IC information is particularly valuable. Criminals register dozens of prepaid SIMs under victims' names and use them for scam operations. When authorities trace the scam calls, they lead back to the unsuspecting victim.
Loan Fraud: The Silent Destroyer
This is the most financially damaging form of IC fraud. Victims often discover it months or years later when they apply for their own loan and get rejected due to unpaid debts they never incurred. Some discover it when Angkatan Koperasi Kebangsaan Malaysia (ANGKASA) salary deductions appear on their payslip for loans they never took.
How to Check If Your IC Has Been Misused
- Check your CCRIS report at Bank Negara Malaysia — this shows all credit facilities registered under your IC. You can request a free report at any BNM office or through eCCRIS.
- Check CTOS — Malaysia's credit reporting agency. A CTOS report reveals any credit checks or loans associated with your IC number.
- Check with MCMC — Contact your telco providers to verify how many SIM cards are registered under your IC.
- Review your EPF and SOCSO — Verify that no unknown employers have registered contributions under your IC.
Protecting Your MyKad Information
Minimise Physical Copies
- Ask why before allowing anyone to photocopy your MyKad. Many situations do not legally require a copy.
- Request to show your MyKad instead of leaving a copy when possible.
- Watermark photocopies with the date, purpose, and company name written across the copy. This makes the copy harder to reuse for other purposes.
Digital Hygiene
- Never store unprotected photos of your MyKad on your phone or cloud storage.
- Do not share your IC number over WhatsApp or other messaging apps in plain text.
- When you must share IC information digitally, use encrypted methods.
LOCK.PUB provides a practical solution for this. You can create a password-protected memo containing your IC details, set it to expire after the recipient views it, and share the link separately from the password. This way, even if the link is intercepted, the information remains protected.
Monitor Regularly
- Set a calendar reminder to check your CCRIS report every six months.
- Enable SMS alerts on all your bank accounts.
- Register for CTOS alerts to be notified of any new credit checks on your IC.
What to Do If Your IC Has Been Misused
- Lodge a police report immediately. This is the foundation for all subsequent actions.
- Contact Bank Negara Malaysia — report the fraud through BNMTELELINK (1-300-88-5465) or BNMLINK.
- Notify all your banks — request them to flag your account and monitor for suspicious activity.
- Contact CTOS and CCRIS — request that the fraudulent entries be flagged and investigated.
- Report to MCMC if SIM cards were registered under your name without consent.
- Contact ANGKASA if unauthorized salary deductions appear.
Getting Fraudulent Loans Removed
This is the most challenging part. You need to:
- Provide the police report to the financial institution that issued the fraudulent loan.
- Submit a statutory declaration (SD) declaring you did not apply for the loan.
- Work with the credit bureau to dispute the entry.
The process can take months, which is why prevention is far more effective than cure.
Malaysia's Legal Framework
The Personal Data Protection Act 2010 (PDPA) provides some protection for personal data, but enforcement remains a challenge. The National Registration Department (JPN) has implemented security features in the MyKad chip, but many transactions still rely on the 12-digit number alone.
There is growing advocacy for Malaysia to adopt a system similar to South Korea's, where citizens can request alerts whenever their national ID is used for financial applications. Until such measures are implemented, individual vigilance is your best defence.
The Bottom Line
Your MyKad IC number is essentially your financial DNA in Malaysia. Treat it with the same care you would treat your bank PIN. Minimise who has access to it, monitor its use regularly, and never share it through unsecured channels.
Protect your sensitive personal data. Share IC numbers, bank details, and private documents securely through LOCK.PUB.
Keywords
You might also like
Ukrainian Tax ID (ІПН) Identity Theft: How to Protect Your Most Sensitive Number
Learn how criminals exploit Ukrainian tax identification numbers (ІПН) for identity theft, and discover practical steps to protect your personal data in Ukraine.
VPN and Privacy Guide for Ukrainians: Wartime Digital Security Essentials
A practical guide to VPNs, encrypted communications, and digital privacy for Ukrainians during wartime. Learn how to protect your data, communications, and online identity.
Bangladesh NID Identity Theft: How to Protect Your National ID from Fraud
Learn how criminals exploit your Bangladesh National ID Card (NID) for fraud, SIM registration, and fake loans. Practical steps to protect your identity.
Create your password-protected link now
Create password-protected links, secret memos, and encrypted chats for free.
Get Started Free