Bank Rakyat fined RM1mil over cybersecurity and customer data lapses

BNM says weaknesses in cyber controls and incident response led to regulatory breaches after unauthorised access to the bank’s IT systems

6:53 PM MYT

 

KUALA LUMPUR — Bank Negara Malaysia (BNM) has imposed a RM1 million administrative monetary penalty (AMP) on Bank Kerjasama Rakyat Malaysia Bhd (Bank Rakyat) over breaches involving cybersecurity and the protection of customer information.

The central bank said the penalty, imposed on January 20, 2026, followed the bank’s failure to meet cybersecurity standards required under the Risk Management in Technology Policy Document (RMiT PD), as well as shortcomings in safeguarding customer information under the Management of Customer Information and Permitted Disclosures Policy Document (MCIPD PD).

“BNM discovered that Bank Rakyat had breached several requirements under the RMiT PD and MCIPD PD following a cybersecurity incident in which an external threat actor gained unauthorised access to its information technology (IT) infrastructure.

“These breaches were attributed to inadequate cybersecurity controls and incident response,” it said.

BNM said Bank Rakyat has since undertaken remedial measures to reinforce its cybersecurity and information and communications technology (ICT) controls, while also improving resources and governance arrangements.

In determining the amount of the AMP, the central bank said it had weighed both aggravating and mitigating factors.

“These include the severity of the breaches and Bank Rakyat’s lack of reasonable care in ensuring compliance with the RMiT PD and MCIPD PD requirements; current controls to ensure compliance with the requirements; past compliance record; and post-misconduct behaviour and the effectiveness of remedial actions to prevent the recurrence of non-compliances,” it said.

The penalty was fully paid on January 26, 2026.

BNM reiterated that all financial institutions are required to comply fully with both policy documents and warned that enforcement action would continue against institutions that fall short of legal or regulatory obligations.

“BNM will not hesitate to take appropriate supervisory and enforcement actions should any FI fail to meet legal and/or regulatory requirements.

“The enforcement action taken against Bank Rakyat is in line with the approach and processes outlined in BNM’s published Enforcement Approach,” said the central bank. – April 1, 2026
