Petaling Jaya Member of Parliament Lee Chean Chung has called on the Selangor government to launch a comprehensive investigation into a cyberattack targeting the Selangor Intelligent Parking service, arguing that citizens deserve full transparency about what went wrong and how the breach will be remedied. In remarks made Friday, Lee stressed that state authorities must explain to the public the precise cause of the security failure, the extent of personal information that may have been exposed, the financial damage sustained, and the concrete steps being implemented to prevent future incidents.
The lack of forthright communication from officials has prompted Lee to suggest an escalation of the matter within Selangor's legislative structures. Should the government fail to provide adequate disclosure voluntarily, he has proposed that state representatives petition the Selangor Select Committee on Competency, Accountability and Transparency to convene a public hearing to investigate the incident thoroughly. This procedural avenue would compel officials to testify under formal conditions and create an auditable record of findings that the electorate can scrutinise.
One of Lee's central concerns centres on the exposure of citizens' personal data through the compromised parking platform. Individuals who use the Selangor Intelligent Parking system have submitted sensitive information—names, identity card numbers, vehicle registration details, and payment card information—in the course of routine transactions. A breach of such magnitude raises immediate questions about identity theft risks and financial fraud exposure for potentially thousands of residents across the Klang Valley and surrounding areas.
Lee's response to the cyberattack reflects a broader apprehension he has articulated previously regarding the outsourcing of critical public digital infrastructure to private contractors. In July 2025, he had already raised red flags about the Selangor Intelligent Parking model itself, calling for the system's immediate suspension and urging a comprehensive policy review. Under the current arrangement, half of all parking revenue collected flows to a private concessionaire operating the platform, creating financial incentives that may not align perfectly with public interest priorities such as cybersecurity investment and data protection.
The structural arrangement underlying the Selangor Intelligent Parking service exemplifies what Lee characterises as a problematic trajectory for state-level digital governance. Rather than building internal technical capacity and maintaining control over sensitive citizen data, Selangor has opted to entrust core parking infrastructure—and the personal information it processes—to external commercial operators whose primary obligation is to shareholders. This approach, Lee contends, runs counter to the strategic direction being pursued at the federal level.
The Federal Government's establishment of GovTech represents a deliberate policy choice to strengthen domestic digital capabilities, reduce reliance on vendor lock-in, and eliminate data fragmentation across government agencies. By consolidating expertise and infrastructure under public stewardship, GovTech aims to build long-term resilience and ensure that sensitive information remains subject to government oversight rather than dispersed among multiple private entities. Selangor's continued reliance on private-sector partnerships for core digital services therefore creates a divergence in approach that risks leaving the state vulnerable to exactly the sort of security incidents now unfolding.
Lee's critique highlights a fundamental tension in how governments balance efficiency and cost-sharing through private partnerships against the imperative to safeguard citizen data and maintain strategic control over digital infrastructure. When residents provide their personal information to government-operated systems, they do so based on an implicit social contract: that the state will treat such information as a sacred trust and invest appropriately in its protection. Private operators, bound by commercial considerations and profit maximisation, may struggle to meet the same standard of stewardship that citizens reasonably expect from public institutions.
The cyberattack on the Selangor Intelligent Parking service arrives at a moment of heightened sensitivity around data security across Southeast Asia. Malaysia has experienced a series of high-profile breaches in recent years affecting government and private-sector digital platforms, eroding public confidence in cybersecurity practices. Each incident generates fresh questions about whether organisations—particularly those handling government functions—have invested adequately in defensive technologies, staff training, and incident response protocols. The parking system breach therefore carries implications beyond Selangor itself, contributing to a broader narrative about the region's readiness to protect digital infrastructure from sophisticated threat actors.
For Malaysian policymakers and stakeholders monitoring the situation, the case illustrates the stakes involved in decisions about public-private partnerships for digital services. While such arrangements can deliver cost efficiencies and technical expertise in the short term, they introduce dependencies and dilute accountability in ways that may prove costly if security incidents occur. Lee's advocacy for transparency and for reconsidering the underlying model reflects a growing awareness among elected representatives that digital infrastructure decisions carry security and governance implications that warrant scrutiny from elected bodies and the public they serve.
The demand for a public hearing into the incident would provide an opportunity to examine not only how the breach occurred and how it was handled, but also to assess whether the privatised model of parking system management is compatible with modern data protection standards and public expectations around government transparency. Such proceedings would generate detailed findings that could inform future policy decisions about which government services should remain under direct public control and which might appropriately be delegated to private operators under carefully structured oversight arrangements.
