BPJS Watch React to the Alleged Social Security Data Breach

TEMPO.CO, Jakarta - One of Indonesia’s Social Security (BPJS) watchdog, BPJS Watch, on Sunday believes there are two likely culprits behind the massive data breach of 279 million users' confidential data. 

BPJS Watch coordinator, Timboel Siregar, argues that it might come from outside systems hacking the database of Indonesia’s national social security or an inside job where an individual within the social security administrator leaking the sensitive data. 

The coordinator stated in a written statement on May 23 that reads: “I tend to think it is caused by the first possibility. However, the investigation must consider both possibilities.” 

The initial news about the data breach first emerged on May 20th after a plethora of personal data had allegedly made its way onto an online forum as a subject of trading at raidforums.com by a reseller account under the identity of ‘Kotz.’

Data of more than 200 million BPJS participants that include people’s personal information from their names, ID numbers, ID cards, phone numbers, email accounts, up to wages had allegedly been compromised. 

On the same day the Communication and Informatics Ministry (Kominfo) announced they had blocked the website and the website’s user who allegedly leaked the personal information. The Kominfo then summoned the Healthcare and Social Security Administrator (BPJS Kesehatan) and agreed to investigate it deeper alongside the National Cyber and Encryption Agency (BSSN).

Tempo tried to obtain confirmation from the BPJS Kesehatan spokesperson, Iqbal Anas Ma’ruf and Kominfo spokesperson Dedy Permadi on the results of the ongoing investigation but none had answered Tempo’s requests. 

Read: 82.3% of Population Registered under BPJS Kesehatan as of March

FAJAR PEBRIANTO