Tokopedia Breach Exposes Govt's Lack of Personal Data Protection
5 May 2020 06:55 WIB
TEMPO.CO, Jakarta - The Indonesia Communication & Information System Security Research Center (CISSReC) on Monday reasserted the urgent need for House legislators to pass the personal protection data draft bill (RUU) after established e-commerce Tokopedia experienced a data breach that risked the personal data of 91 million users to the dark web market.
“It’s as if our society is left vulnerable in the wilderness without the personal data protection law (UU PDP). People’s personal data has been misused numerous times either online or offline and the most crucial part is that the people are not protected [by the law],” said CISSReC chairman Pratama Persadha on Monday.
He implied that Tokopedia must be held accountable for the alleged data breach but will be unable to be subjected to it as the government lacks the proper regulation overseeing this issue.
“Tokopedia users are currently an easy target for criminal acts through phishing,” the cybersecurity expert added.
Pratama Persadha again demanded accountability from Tokopedia as he argued the company did not immediately notify its customers about the incident, nor did they conduct other preventive measures. He argues that it would have been simply done by sending notifications to its users via email, text message, or Whatsapp messages.
The CISSReC chairman implied that the e-commerce must be prepared to face lawsuits if one of its users is a European Union country national as personal data security there is overseen by the General Data Protection Regulation (GDPR), which is roughly what the personal data protection draft law is slated to be, but at the global scale.
Reports on Sunday suggest that there had been a data breach on 91 million Tokopedia users and 7 million merchants that were believed to be transacted at the dark web market.