Petaling Jaya MP Lee Chean Chung has called on the Selangor state government to conduct a thorough inquiry into a cyberattack affecting the Selangor Intelligent Parking service, demanding full disclosure of the incident's origins, extent of compromised information, financial consequences, and remedial steps. The demand reflects growing scrutiny over the security of critical government digital infrastructure and the handling of sensitive citizen data by public agencies.
Lee has outlined the essential questions that authorities must address publicly, including clarification on what triggered the security breach, how much personal and transactional data may have been exposed, and what financial costs the state or residents may face as a result. Additionally, he insists the government must clearly communicate the preventive and remedial measures it intends to implement to prevent future incidents. Without such accountability, he contends that Selangor state representatives should escalate the matter to the Selangor Select Committee on Competency, Accountability and Transparency for an open hearing.
The potential compromise of residents' personal information stands as a particularly serious concern, with Lee flagging the vulnerability of citizens whose data is entrusted to government-operated digital platforms. This issue takes on heightened significance in Malaysia, where data breaches affecting government services can expose sensitive information including identity numbers, addresses, payment details, and transaction histories used by thousands of residents.
Lee's intervention reflects a deeper concern he has consistently raised regarding the privatisation of critical public digital infrastructure. In July 2025, he previously urged the immediate suspension of the Selangor Intelligent Parking system altogether, advocating for a comprehensive review of its policy direction and operational framework. His earlier warnings appear prescient in light of the recent security incident, suggesting systemic vulnerabilities in the current model.
The Selangor Intelligent Parking system operates under a model where private concessionaires receive half of all parking revenue collected through the service. This arrangement, while generating efficiency claims, means that commercially sensitive parking data and user information flow through private sector operators rather than remaining under direct government control. Lee argues this model fundamentally conflicts with Malaysia's broader push toward strengthening public-sector digital resilience and reducing dependence on external vendors.
The federal government's establishment of GovTech represents a strategic pivot toward building internal digital capabilities and reducing reliance on private external vendors. GovTech was conceived specifically to strengthen in-house expertise, diminish vulnerability to vendor lock-in, and eliminate fragmented data management across government agencies. However, Lee contends that Selangor's continued reliance on the Intelligent Parking system—managed and operated by private partners—runs counter to this national direction and undermines the foundational objectives of GovTech.
When governments require citizens to provide personal information and conduct daily transactions through digital systems, a fundamental social contract emerges whereby the government assumes responsibility for safeguarding that trust. Lee emphasises that this responsibility cannot be delegated away to private operators or treated as secondary to cost-efficiency considerations. The recent cyberattack raises legitimate questions about whether the current contractual and operational arrangements adequately prioritise data security and citizen protection over profit-sharing arrangements.
The structure of the Selangor Intelligent Parking model reveals a tension between short-term revenue generation and long-term institutional capacity-building. By outsourcing core parking system management to private concessionaires, the state government foregoes the opportunity to develop in-house expertise, control over critical infrastructure, and institutional knowledge that would strengthen Selangor's digital governance capabilities. Each breach or security incident demonstrates the costs of this approach in terms of public confidence, regulatory scrutiny, and potential financial liability.
For Malaysian readers and Southeast Asian observers, this incident exemplifies broader questions about how governments should structure relationships with private technology providers when citizens' personal data is at stake. The cyberattack on Selangor's parking system serves as a cautionary tale about the risks of fragmenting government digital infrastructure across multiple private vendors, each with different security standards, audit procedures, and accountability frameworks. As digital services become increasingly central to government-citizen interactions, the governance model chosen—whether public, private, or hybrid—carries consequences that extend far beyond parking convenience.
Lee's call for transparency and his advocacy for reassessing the Intelligent Parking model align with emerging best practices in digital governance worldwide, which emphasise government ownership of core systems, transparency in cybersecurity incidents, and prioritisation of data protection over commercial returns. The coming months will test whether Selangor's government responds adequately to these demands and whether the incident prompts broader policy reconsiderations across Malaysian states regarding the privatisation of essential digital services.
