Petaling Jaya MP Lee Chean Chung has escalated calls for the Selangor state government to conduct a thorough investigation into a cyberattack targeting the Selangor Intelligent Parking service, arguing that public accountability demands immediate and detailed disclosure of the incident's full scope and consequences.
In his statement, Lee outlined several critical areas requiring urgent clarification from state authorities. The government must provide citizens with clear answers regarding how the breach occurred, which personal information may have been compromised, the extent of data exposure across affected users, any potential financial costs arising from the incident, and a detailed roadmap of remedial measures being implemented to prevent future occurrences. Without such transparency, Lee contends that the state has failed in its fundamental obligation to the people who depend on these services.
The MP suggested an escalation mechanism should authorities prove unwilling to voluntarily release comprehensive information. If the Selangor government does not proactively furnish adequate explanations, Lee called for members of the state legislature to petition the Selangor Select Committee on Competency, Accountability and Transparency to convene a public hearing examining the cyberattack and its handling. This procedural option would create a formal mechanism for public accountability and legislative oversight at the state level.
Central to Lee's concerns is the vulnerability of personal data held within the system. Citizens who utilise the Selangor Intelligent Parking platform submit personal information and payment details as part of routine transactions, yet the breach raises troubling questions about whether inadequate cybersecurity measures left that sensitive information exposed to malicious actors. For many residents, the incident underscores broader anxieties about entrusting private details to digital government services.
This current controversy connects to Lee's longer-standing reservations about the privatisation model underlying the parking system. The MP has previously expressed apprehension regarding the outsourcing of core public digital infrastructure to private operators, viewing it as a risky approach that concentrates both operational control and access to citizen data within commercial hands. In July 2025, Lee had already demanded an immediate suspension of the Selangor Intelligent Parking system pending a comprehensive policy review and reassessment of its implementation framework.
The SIP model itself embodies a particular approach to public service delivery that carries significant financial and structural implications. Under the arrangement, private concessionaires retain half of all parking revenue collected through the system, creating ongoing financial incentives for the private operator but raising questions about whether this revenue-sharing model adequately prioritises public interest protection over corporate profitability. This financial dimension adds complexity to the debate over whether privatisation genuinely serves Selangor residents effectively.
Lee's critique positions the Selangor government's parking system strategy at odds with the Federal Government's stated digital policy direction. At the national level, authorities established GovTech as an institutional vehicle for strengthening Malaysia's in-house digital capabilities, reducing reliance on external private vendors, and breaking down information silos that have historically fragmented government agency operations. This national initiative reflects recognition that long-term government resilience requires building sustainable, internally managed technological capacity rather than perpetually outsourcing critical functions.
The contradiction Lee identifies is stark: while the Federal Government invests in building institutional digital competence and reducing vendor dependence, Selangor continues contracting with private operators for core parking infrastructure, including system management, deployment, and ongoing operations. This divergence suggests inconsistent governance philosophy across Malaysia's federal and state levels, with potential implications for citizens trying to navigate different digital service models depending on which jurisdiction they inhabit.
Lee emphasised that when citizens are obligated to share personal information and conduct daily financial transactions through government-linked digital platforms, the government shoulders a corresponding responsibility to safeguard that trust scrupulously. This principle extends beyond merely securing data technically; it encompasses transparency about breaches, honesty about vulnerabilities, and demonstrated commitment to remedying systemic failures. The parking system incident, from this perspective, represents not merely a technical failure but a breach of the implicit social contract between government and the governed.
The timing of Lee's renewed pressure is significant given the July 2025 context of his July 3 statement. The attack appears to have crystallised longstanding concerns into an immediate crisis demanding response. For Malaysian policymakers monitoring this situation, the incident exemplifies tensions between privatisation arguments emphasising efficiency and private-sector innovation, and accountability arguments emphasising public ownership of critical infrastructure and data security.
The Selangor case carries implications beyond one state's parking system. As Malaysia increasingly digitises government services, decisions about whether core infrastructure remains publicly managed or shifts to private operation will shape citizen trust in digital governance for years ahead. The cyberattack provides a concrete demonstration that these choices carry real consequences for data security and public accountability, potentially influencing how other states approach similar infrastructure decisions.
Lee's demand for the Select Committee hearing represents a procedural avenue for transforming technical incident into political accountability mechanism. Public hearings create space for citizen participation, media scrutiny, and legislative questioning in ways that private government inquiries cannot replicate. Whether Selangor authorities comply voluntarily or face formal legislative pressure will itself communicate volumes about the state government's genuine commitment to transparency and citizen protection in the digital age.
