MHAG
Company Details
Linkedin ID:
ministry-of-home-affairs-mha-
Website:
Employees number:
1,972
Number of followers:
9,210
NAICS:
8135
Industry Type:
Homepage:
mha.gov.in
IP Addresses:
0
Company ID:
MIN_2717114
Scan Status:
In-progress
Ministry Of Home Affairs (mha), GOI Company CyberSecurity Posture
mha.gov.in
TheÊMinistry of Home AffairsÊ(MHA) or Home Ministry (IAST: G_ha Ma_tr_laya) is a ministry of the Government of India
Ministry Of Home Affairs (mha), GOI A.I CyberSecurity Scoring
MHAG Risk Score (AI oriented)Between 700 and 749
MHAG
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
MHAG Global Score (TPRM)XXXX
MHAG
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
MHAG Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
Ministry of Home Affairs
Breach
Rankiteo Explanation
Attack without any consequences: Attack in which data is not compromised
Description: Malaysia’s home minister, Datuk Seri Saifuddin Nasution Ismail, had his WhatsApp account compromised by an attacker using a VPN. The hacker sent malicious links to the minister's contacts, but no financial losses were reported. The Ministry of Home Affairs confirmed the breach and urged the public not to respond to suspicious messages. The incident is under investigation, and law enforcement is working to determine the hacker’s location. This attack has raised concerns about Malaysia’s cybersecurity measures.
MHAG Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for MHAG
Incidents vs Non-profit Organizations Industry Average (This Year)
No incidents recorded for Ministry Of Home Affairs (mha), GOI in 2026.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Ministry Of Home Affairs (mha), GOI in 2026.
Incident Types MHAG vs Non-profit Organizations Industry Avg (This Year)
No incidents recorded for Ministry Of Home Affairs (mha), GOI in 2026.
Incident History — MHAG (X = Date, Y = Severity)
MHAG cyber incidents detection timeline including parent company and subsidiaries
MHAG Company Subsidiaries
TheÊMinistry of Home AffairsÊ(MHA) or Home Ministry (IAST: G_ha Ma_tr_laya) is a ministry of the Government of India
Loading...
MHAG Similar Companies
AIESEC
AIESEC develops leadership among youth aged 18 to 30 and contributes to strengthening the global employability market by providing an end-to-end international talent recruitment solution for Enterprises, NGOs, and Start-ups. AIESEC is the world's largest youth-run organization developing the leader
The American Red Cross prevents and alleviates human suffering in the face of emergencies by mobilizing the power of volunteers and the generosity of donors. Each day, thousands of people – people just like you – provide compassionate care to those in need. Our network of generous donors, voluntee
UNICEF
UNICEF works in some of the world’s toughest places, to reach the world’s most disadvantaged children. To save their lives. To defend their rights. To help them fulfill their potential. Across 190 countries and territories, we work for every child, everywhere, every day, to build a better world fo
International Rescue Committee
The International Rescue Committee responds to the world’s worst humanitarian crises and help people to survive, recover, and gain control of their future. Founded in 1933 at the request of Albert Einstein, the IRC offers lifesaving care and life-changing assistance to refugees and displaced peopl
IEEE is the world’s largest technical professional organization and is a public charity dedicated to advancing technological innovation and excellence for the benefit of humanity. IEEE and its members inspire a global community through its highly cited publications, conferences, technology standards
British Council
We support peace and prosperity by building connections, understanding and trust between people in the UK and countries worldwide. We uniquely combine the UK’s deep expertise in arts and culture, education and the English language, our global presence and relationships in over 100 countries, our un
The Salvation Army
The Salvation Army is the nation's largest direct provider of social services. Annually, we help millions overcome poverty, addiction, and spiritual and economic hardships by preaching the gospel of Jesus Christ and meeting human needs in His name without discrimination in nearly every zip code.
Médecins Sans Frontières (MSF)
Médecins Sans Frontières (MSF) is an international, independent, medical humanitarian organisation working to provide medical assistance to people affected by conflict, epidemics, disasters, or exclusion from healthcare. Since our founding in 1971, we’ve grown to a global movement delivering human
International Committee of the Red Cross - ICRC
Established in 1863, the International Committee of the Red Cross (ICRC) works worldwide to provide humanitarian help for people affected by conflict and armed violence and to promote the laws that protect victims of war. An independent and neutral organization, its mandate stems essentially from th
.png)
MHAG CyberSecurity News
December 10, 2025 08:00 AM
From Data Breaches to Digital Warfare: Why India Must Establish a Ministry of Cyber Security Now
India's fragmented cybersecurity framework is failing against rising cyber threats. This report explains why a unified Ministry of Cyber...
December 08, 2025 08:00 AM
Union Minister Amit Shah Inaugurates ‘Earth Summit 2025’ in Gandhinagar, Gujarat
The Union Minister Amit Shah, Ministry of Home Affairs (MHA) and Ministry of Cooperation inaugurated the “EARTH Summit 2025”,...
November 25, 2025 08:00 AM
Ministry of Home Affairs Commends Innefu Labs’ AI-Powered National & Cyber Security Products for Excellence in Project Nirbhaya,Ahmedabad Safe City
New Delhi- Innefu Labs, a leading Indian AI-driven Company in National and Cyber Security, announced that its flagship products Innsightand...
October 10, 2025 07:00 AM
MHA Announces I4C Winter Internship 2025 on Cybercrime: Application Link and Eligibility
Our Web Correspondent. Posted on 10 Oct 2025. 12:07 PM. File Image. Summary. The Ministry of Home Affairs (MHA), through its Indian Cyber Crime Coordination...
September 01, 2025 07:00 AM
Mapping India’s Cybersecurity Administration in 2025
This article highlights the significance of the recent Allocation of Business Rules amendment and maps and analyzes India's current...
August 25, 2025 07:00 AM
Jammu & Kashmir Government Cracks Down on Data Breaches: USB Drives & WhatsApp Banned, Secure Channels Made Mandatory
J&K Govt bans USB/pen drives and WhatsApp for official use, mandates secure channels per MHA, CERT-In directives; order effective 25 August...
July 25, 2025 07:00 AM
MHA issues security advisory to higher edu instts
Prayagraj: In a significant security advisory dated July 14, the Ministry of Home Affairs has issued a detailed letter to vice-chancellors...
July 13, 2025 07:00 AM
Gauhati University NSS cell holds lecture on cyber security
Gauhati University NSS Cell held a cyber security lecture on July 11 under the national Cyber Security Internship by I4C, MHA, Govt of India...
May 24, 2025 07:00 AM
Preventing cybercrimes: A handy guide
In 2024, people in Karnataka lost Rs 2948.08 crore in more than 1,36209 cyber fraud incidents reported on the National Crime Reporting...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
MHAG CyberSecurity History Information
Official Website of Ministry Of Home Affairs (mha), GOI
The official website of Ministry Of Home Affairs (mha), GOI is http://www.mha.gov.in.
Ministry Of Home Affairs (mha), GOI’s AI-Generated Cybersecurity Score
According to Rankiteo, Ministry Of Home Affairs (mha), GOI’s AI-generated cybersecurity score is 713, reflecting their Moderate security posture.
How many security badges does Ministry Of Home Affairs (mha), GOI’ have ?
According to Rankiteo, Ministry Of Home Affairs (mha), GOI currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Has Ministry Of Home Affairs (mha), GOI been affected by any supply chain cyber incidents ?
According to Rankiteo, Ministry Of Home Affairs (mha), GOI has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.
Does Ministry Of Home Affairs (mha), GOI have SOC 2 Type 1 certification ?
According to Rankiteo, Ministry Of Home Affairs (mha), GOI is not certified under SOC 2 Type 1.
Does Ministry Of Home Affairs (mha), GOI have SOC 2 Type 2 certification ?
According to Rankiteo, Ministry Of Home Affairs (mha), GOI does not hold a SOC 2 Type 2 certification.
Does Ministry Of Home Affairs (mha), GOI comply with GDPR ?
According to Rankiteo, Ministry Of Home Affairs (mha), GOI is not listed as GDPR compliant.
Does Ministry Of Home Affairs (mha), GOI have PCI DSS certification ?
According to Rankiteo, Ministry Of Home Affairs (mha), GOI does not currently maintain PCI DSS compliance.
Does Ministry Of Home Affairs (mha), GOI comply with HIPAA ?
According to Rankiteo, Ministry Of Home Affairs (mha), GOI is not compliant with HIPAA regulations.
Does Ministry Of Home Affairs (mha), GOI have ISO 27001 certification ?
According to Rankiteo,Ministry Of Home Affairs (mha), GOI is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Ministry Of Home Affairs (mha), GOI
Ministry Of Home Affairs (mha), GOI operates primarily in the Non-profit Organizations industry.
Number of Employees at Ministry Of Home Affairs (mha), GOI
Ministry Of Home Affairs (mha), GOI employs approximately 1,972 people worldwide.
Subsidiaries Owned by Ministry Of Home Affairs (mha), GOI
Ministry Of Home Affairs (mha), GOI presently has no subsidiaries across any sectors.
Ministry Of Home Affairs (mha), GOI’s LinkedIn Followers
Ministry Of Home Affairs (mha), GOI’s official LinkedIn profile has approximately 9,210 followers.
NAICS Classification of Ministry Of Home Affairs (mha), GOI
Ministry Of Home Affairs (mha), GOI is classified under the NAICS code 8135, which corresponds to Others.
Ministry Of Home Affairs (mha), GOI’s Presence on Crunchbase
No, Ministry Of Home Affairs (mha), GOI does not have a profile on Crunchbase.
Ministry Of Home Affairs (mha), GOI’s Presence on LinkedIn
Yes, Ministry Of Home Affairs (mha), GOI maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/ministry-of-home-affairs-mha-.
Cybersecurity Incidents Involving Ministry Of Home Affairs (mha), GOI
As of January 25, 2026, Rankiteo reports that Ministry Of Home Affairs (mha), GOI has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
Ministry Of Home Affairs (mha), GOI has an estimated 21,306 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Ministry Of Home Affairs (mha), GOI ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
What was the total financial impact of these incidents on Ministry Of Home Affairs (mha), GOI ?
Total Financial Loss: The total financial loss from these incidents is estimated to be $0.
How does Ministry Of Home Affairs (mha), GOI detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an incident response plan activated with unknown, and law enforcement notified with yes, and communication strategy with public advisory to ignore messages..
Incident Details
Can you provide details on each incident ?
Title: Malaysia Home Minister's WhatsApp Account Hacked
Description: Malaysia’s home minister had his WhatsApp account hacked and then abused to send malicious links to his contacts.
Date Detected: 2023-10-06
Date Publicly Disclosed: 2023-10-06
Type: Phishing
Attack Vector: WhatsApp Account Compromise
Vulnerability Exploited: Unspecified
Threat Actor: Unknown
Motivation: Financial, Data Theft
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through WhatsApp Account.
Impact of the Incidents
What was the impact of each incident ?
Incident : Phishing MIN739060225
Financial Loss: None reported
Data Compromised: Unknown
Systems Affected: WhatsApp
Brand Reputation Impact: Public criticism and ridicule
What is the average financial loss per incident ?
Average Financial Loss: The average financial loss per incident is $0.00.
Which entities were affected by each incident ?
Incident : Phishing MIN739060225
Entity Name: Datuk Seri Saifuddin Nasution Ismail
Entity Type: Government Official
Industry: Government
Location: Malaysia
Customers Affected: WhatsApp contacts
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Phishing MIN739060225
Incident Response Plan Activated: Unknown
Law Enforcement Notified: Yes
Communication Strategy: Public advisory to ignore messages
What is the company's incident response plan?
Incident Response Plan: The company's incident response plan is described as Unknown.
Lessons Learned and Recommendations
What lessons were learned from each incident ?
Incident : Phishing MIN739060225
Lessons Learned: Mobile phishing scams are increasingly common in Malaysia.
What recommendations were made to prevent future incidents ?
Incident : Phishing MIN739060225
Recommendations: Increase cybersecurity measures and public awareness.
What are the key lessons learned from past incidents ?
Key Lessons Learned: The key lessons learned from past incidents are Mobile phishing scams are increasingly common in Malaysia.
What recommendations has the company implemented to improve cybersecurity ?
Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Increase cybersecurity measures and public awareness..
References
Where can I find more information about each incident ?
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Police Press ConferenceDate Accessed: 2023-10-06.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Phishing MIN739060225
Investigation Status: Ongoing
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Public advisory to ignore messages.
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Phishing MIN739060225
Entry Point: WhatsApp Account
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Phishing MIN739060225
Root Causes: Unknown
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an Unknown.
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2023-10-06.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2023-10-06.
Impact of the Incidents
What was the highest financial loss from an incident ?
Highest Financial Loss: The highest financial loss from an incident was None reported.
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident was Unknown.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach was Unknown.
Lessons Learned and Recommendations
What was the most significant lesson learned from past incidents ?
Most Significant Lesson Learned: The most significant lesson learned from past incidents was Mobile phishing scams are increasingly common in Malaysia.
What was the most significant recommendation implemented to improve cybersecurity ?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Increase cybersecurity measures and public awareness..
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is Police Press Conference.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an WhatsApp Account.
.png)
Latest Global CVEs (Not Company-Specific)
Description
The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the processBackgroundAction() function in all versions up to, and including, 10.0.04. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify global map engine settings.
Risk Information
cvss3
Base: 5.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Description
The Save as PDF Plugin by PDFCrowd plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘options’ parameter in all versions up to, and including, 4.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. NOTE: Successful exploitation of this vulnerability requires that the PDFCrowd API key is blank (also known as "demo mode", which is the default configuration when the plugin is installed) or known.
Risk Information
cvss3
Base: 6.1
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Description
The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the action_import_module() function in all versions up to, and including, 7.8.9.2. This makes it possible for authenticated attackers, with a lower-privileged role (e.g., Subscriber-level access and above), to upload arbitrary files on the affected site's server which may make remote code execution possible. Successful exploitation requires an admin to grant Hustle module permissions (or module edit access) to the low-privileged user so they can access the Hustle admin page and obtain the required nonce.
Risk Information
cvss3
Base: 7.5
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Description
The WP Directory Kit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.9 via the wdk_public_action AJAX handler. This makes it possible for unauthenticated attackers to extract email addresses for users with Directory Kit-specific user roles.
Risk Information
cvss3
Base: 5.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Description
The Meta-box GalleryMeta plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Risk Information
cvss3
Base: 4.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
References
- https://plugins.trac.wordpress.org/browser/meta-box-gallerymeta/tags/3.0.1/gallerymetaboxes.php#L119
- https://plugins.trac.wordpress.org/browser/meta-box-gallerymeta/tags/3.0.1/gallerymetaboxes.php#L314
- https://plugins.trac.wordpress.org/browser/meta-box-gallerymeta/tags/3.0.1/templates/single-mb_gallery.php#L31
- https://plugins.trac.wordpress.org/browser/meta-box-gallerymeta/tags/3.0.1/templates/single-mb_gallery.php#L33
- https://www.wordfence.com/threat-intel/vulnerabilities/id/bb9ae252-7e5f-4dc0-a162-100493b81980?source=cve
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=ministry-of-home-affairs-mha-' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
