Blog
PDPA section 12B changed the game. If a data breach causes significant harm, silence is no longer an option. Here’s what every company must know.
It’s 2AM. You’re half-asleep, eyes glazed over, when the app hits you with a 50-page privacy policy. You click “Agree” faster than your brain can process the first sentence — not because you read it, but because you want access.
Ashley Madison was a mirror — not just to corporate negligence, but to human fragility. When private desires become public data, what does it reveal about our species — and our systems?
Where heartbreak ends, but access continues. A few months ago, a close client of mine reached out to me—not for love advice, but for something much messier: Digital closure.
Why Data Governance — Not Gadgets — Is Your Only Real Defense. Every cybersecurity vendor loves to throw around shocking ransomware figures — “$20 billion lost in 2021!” “$256 billion by 2031!” — but here’s the dirty little secret: Most of these numbers are as inflated as a crypto hype coin in 2021.
Most successful breaches don’t come through code — they come through curiosity, carelessness, or someone clicking the wrong link after a long lunch.
On May 27, 2025, Singapore awoke to another cybersecurity headline — a ransomware attack on DataPost, a third-party data handling firm, compromised personal information belonging to at least 146 policyholders of Income Insurance.
It’s Official: As of 1st June 2025, Malaysia’s new PDP (Amendment) Act 2024 is in full force, and companies that fall within the legal thresholds are now legally required to appoint a Data Protection Officer (DPO).
Why ISO 27001 ≠ GDPR (And Believing Otherwise Might Be Your Most Expensive Mistake Yet)
In 2014, a researcher built a personality quiz app that harvested not just the data of users who took the quiz, but also the data of their friends — without their knowledge or consent. This data (up to 87 million profiles) was then handed over to Cambridge Analytica, a political consulting firm.
The Dilemma that Data Protection Authorities in Malaysia and Singapore can no longer ignore
On March 23, 2025, Kuala Lumpur International Airport (KLIA) experienced a significant cyberattack that disrupted key systems and triggered a US$10 million ransom demand. While operations were restored and the ransom rejected, the incident is a wake-up call: ransomware threats are not just real—they’re growing, disruptive, and costly.
On the evening of 6 April 2025, a ransomware attack was reported by Toppan Next Tech (TNT) to the Personal Data Protection Commission (PDPC). The breach, which involved DBS Bank and the Bank of China (Singapore branch), resulted in customer information being exfiltrated by threat actors.
The biggest threat to your company’s data security isn’t always an external hacker — it could be the very people hired to protect it.
Starting June 1, 2025, Malaysia’s PDPA enters a new era—mandating DPOs, breach notifications, and data portability. These sweeping changes bring local companies in line with global privacy standards and demand urgent action from businesses. Here’s what you need to do before the deadline hits.
Romance scams aren’t simply financial crimes—they’re sophisticated psychological manipulations exploiting deep human vulnerabilities.
Most companies have appointed a DPO just to tick a compliance checkbox.
Imagine pouring billions into developing the most sophisticated AI model, only for someone halfway across the world to “distill” it, pirate its essence, and release a knockoff that’s cheaper, open-source, and celebrated as revolutionary.
Just seven days. That’s all it took for DeepSeek’s R1 model to shoot to the top of global app stores, displacing even OpenAI’s dominance like a rocket overtaking a jet.
When love is a bed of roses, it’s built on trust and vulnerability. We share everything—our secrets…
CNA exposes a disturbing truth: some repair shops snoop, copy, and exploit your personal data. Here’s why this still happens and how to stop it.
A ransomware attack hit at 12:34 AM. No backups. No margin for error. Here’s why the first 16 seconds decided everything and what most businesses get wrong.