Petaling Jaya MP Lee Chean Chung has intensified pressure on the Selangor government to conduct a thorough investigation into a significant cyberattack targeting the Selangor Intelligent Parking service, demanding that authorities publicly disclose crucial details about the security incident that has raised serious concerns about data protection and digital infrastructure management in the state.
In a detailed statement released on Friday, Lee outlined four critical areas requiring urgent clarification from state authorities: the root cause of the security breach, the extent of citizen data that may have been compromised, the financial damage sustained by the incident, and the specific remedial steps being implemented to prevent future occurrences. The MP emphasised that withholding this information would constitute a failure to meet public accountability standards, particularly when residents' sensitive personal information potentially remains at risk.
Should the Selangor government fail to provide satisfactory responses, Lee has signalled his willingness to escalate the matter through formal parliamentary channels. He indicated that state representatives could petition the Selangor Select Committee on Competency, Accountability and Transparency to initiate a public hearing, transforming what is currently a security incident into a broader examination of government digital governance failures.
The cyberattack represents a concerning development that extends beyond mere technical failure. Citizens' personal data—including identification numbers, contact information, and payment records—may now be exposed to malicious actors, creating a potential cascade of identity theft, financial fraud, and privacy violations. This risk underscores the vulnerability inherent in government systems handling sensitive citizen information without adequate protective measures.
Lee's concerns are rooted in a broader critique of Selangor's digital infrastructure strategy that he has articulated since mid-2025. In July, he called for an immediate suspension of the Selangor Intelligent Parking system and advocated for a comprehensive policy review, citing fundamental structural problems with the implementation model. His objections revolve around the state's reliance on private sector partnerships to operate critical public digital systems—an approach he views as fundamentally misaligned with modern governance principles.
The financial structure of the Selangor Intelligent Parking model intensifies these concerns. Under the current arrangement, private concessionaire operators retain half of all parking revenue collected, creating a scenario where public assets generate private profits while citizens bear the security risks. This revenue-sharing mechanism has drawn criticism from Lee as an inefficient use of public funds that simultaneously enriches private operators while leaving the state vulnerable to operational failures and security breaches they manage.
Lee contextualises the Selangor government's approach as running counter to federal policy direction. The Malaysian government has invested significantly in establishing GovTech as a strategic initiative specifically designed to build robust in-house digital capabilities, reduce reliance on external vendors, and eliminate fragmented data management across government agencies. By expanding the Selangor Intelligent Parking system through private partnerships, the state is essentially swimming against the tide of national digital transformation efforts aimed at creating independent, resilient public-sector technology ecosystems.
The core tension Lee identifies reflects a fundamental tension in governance: when citizens are compelled to interact with government-managed digital systems—whether parking applications, payments, or data submissions—they enter into an implicit social contract assuming the state will safeguard their information with the highest standards of security and protection. The cyberattack represents a breach of this fundamental trust, raising uncomfortable questions about whether the Selangor government can adequately protect citizen data when core infrastructure operations remain contracted to private entities whose primary obligation is profit maximisation rather than public welfare.
This incident carries broader implications for Southeast Asian governance. Malaysia, like many regional governments, is navigating the complex balance between leveraging private sector efficiency and maintaining public control over critical digital infrastructure. The Selangor parking breach provides a cautionary case study: outsourcing core digital systems to private operators may deliver short-term revenue advantages, but it simultaneously concentrates security risks, complicates accountability frameworks, and undermines long-term public-sector digital autonomy.
For Malaysian citizens, the incident highlights the urgent need for comprehensive data protection legislation and mandatory cybersecurity standards for all government-linked digital platforms. Currently, the regulatory framework remains fragmented, with various agencies operating under different security protocols. The parking system breach demonstrates the consequences of this fragmentation and the absence of unified oversight standards.
Lee's demand for transparency should resonate beyond Selangor, prompting similar scrutiny of digital infrastructure partnerships across other Malaysian states. If the Selangor government continues resisting full disclosure, it will effectively acknowledge that the public's right to information about their own data security is subordinate to protecting private operator interests—a position that becomes increasingly untenable in an era of heightened cybersecurity threats.
The pathway forward requires the Selangor government to move beyond damage control rhetoric and implement genuine transparency measures. This means releasing detailed incident reports, specifying the number of citizens affected, clarifying financial implications, and fundamentally reconsidering the privatised model that permitted this vulnerability. Only through such comprehensive accountability can the state rebuild citizen confidence in its digital infrastructure and demonstrate commitment to the principles that should govern government technology stewardship.
