Petaling Jaya MP Lee Chean Chung has called on the Selangor government to launch a thorough investigation into a cyberattack that compromised the Selangor Intelligent Parking service, demanding answers on how the breach occurred, what personal data was exposed, and what steps authorities are taking to prevent future incidents.

In a Facebook statement released Friday, Lee stressed that residents deserve clarity on the financial consequences of the attack and the measures being implemented to shore up the system's defences. He argued that without satisfactory transparency from state officials, lawmakers should escalate the matter by requesting the Selangor Select Committee on Competency, Accountability and Transparency to convene a public hearing, signalling that parliamentary oversight may be necessary if voluntary disclosure proves inadequate.

Central to Lee's concerns is the fate of citizens' personal information. He warned that the cyberattack may have resulted in the compromise of sensitive data belonging to ordinary Selangor residents who rely on the parking service. This risk underscores a broader vulnerability in government digital systems, particularly when critical infrastructure is managed through private operators rather than maintained entirely within the public sector.

The MP's intervention reflects long-standing reservations he has harboured about the privatisation model underpinning Selangor's parking initiative. In July 2025, Lee had already called for an immediate halt to the Selangor Intelligent Parking system, urging state officials to comprehensively review both the policy direction and implementation framework guiding its rollout. His latest statement indicates that the cyberattack has vindicated those earlier warnings and intensified the urgency of his position.

Under the Selangor Intelligent Parking arrangement, private concessionaires receive a significant portion of revenue collected from parking transactions, with half of all income flowing to the private operator. This revenue-sharing structure creates financial incentives that may not always align with public interest objectives such as data security and system resilience. Lee's objection is not merely to technology partnerships per se, but to a model that distributes substantial public resources and operational control to external commercial entities.

Lee articulated a philosophical disagreement with Selangor's current trajectory. He contends that the state is moving in a direction contrary to the Federal Government's strategic vision for the public sector, which emphasises building robust in-house digital capabilities. The Federal Government established GovTech specifically to strengthen Malaysia's capacity to develop and maintain digital systems independently, reduce reliance on external vendors, and eliminate data fragmentation across government agencies. Selangor's continued embrace of private partnerships, in this context, represents a step backwards.

The tension Lee identifies reflects a fundamental question about governance in the digital age. When citizens are asked to share personal information with government-linked digital platforms—whether for parking permits, licence applications, or other services—there is an implicit social contract that the government will safeguard that data with the utmost care. Privatising the operation of such systems, Lee suggests, creates a diffusion of responsibility that ultimately weakens accountability and undermines public trust.

The Selangor Intelligent Parking system illustrates how technological convenience can introduce hidden governance risks. While app-based parking and digital payment systems offer genuine benefits to users, outsourcing their management to private operators introduces cybersecurity challenges that may exceed the capacity of smaller commercial entities to manage. Major cyberattacks on government systems have become increasingly common globally, and Malaysian authorities have experienced notable breaches in recent years affecting various state and federal systems.

Lee's call for a select committee hearing, should transparency be withheld, represents a significant escalation. Such proceedings would place senior Selangor government officials and the private concessionaire under public scrutiny, potentially revealing details about security protocols, incident response timelines, and the adequacy of data protection measures. This mechanism of parliamentary accountability is particularly important when commercial confidentiality claims might otherwise shield operational details from public view.

The broader implications of this controversy extend beyond Selangor's borders. Other Malaysian states and municipalities are also exploring public-private partnerships for digital services, parking systems, and related infrastructure. The Selangor case provides an instructive lesson about the risks of such arrangements and the importance of maintaining strong public-sector digital capabilities. As Malaysia pursues digital transformation across government, questions about infrastructure ownership, data sovereignty, and citizen protection will become increasingly central to policymaking.

Lee's intervention also reflects growing political momentum around digital rights and cybersecurity governance in Malaysia. Constituencies increasingly expect lawmakers to scrutinise government technology decisions, not merely from an efficiency standpoint but from the perspective of citizen protection and the preservation of public assets. The Selangor parking cyberattack, in this sense, has become a focal point for broader anxieties about how digital government services are managed and who bears responsibility when things go wrong.