6 Major Data Breach Cases in Indonesia in Past 1.5 Years

3 September 2021 11:45 WIB

Officers serve participants from the Health Social Security Administering Body (BPJS) at the Central Jakarta Branch Office, Friday, May 28, 2021. BPJS Kesehatan has now submitted a report to the National Police Bareskim regarding the alleged data leakage and sale of 279 million Indonesian citizens by an account named Kotz at Raid Forums, raidforums .com. ANTARA PHOTOS/M Risyal Hidayat

TEMPO.CO, Jakarta - Indonesians were recently stunned by yet another news of a major data breach, reported by vpnMentor researchers, that exposed personal data of 1.3 million people registered in the country’s electronic Health Alert Card (eHAC) system, a government tracing app used to tackle Covid-19. 

This potentially presents risk for the user data exploitation as it leaked names, home addresses, ID numbers, Covid-19 hospital tests, and more. However, a Health Ministry representative insisted that the data collected by eHAC had not been breached. 

Here are 5 more examples of data breach cases, both allegedly and confirmed, that happened in Indonesia for the past year and a half.

1. Healthcare and Social Security Agency (BPJS Kesehatan) 

In May, the personal data of BPJS Kesehatan users was sold in an online forum known as Raid Forums for the price of 0.15 bitcoins by a user called ‘Kotz.’ Tempo confirmed this to cybersecurity expert from Vaksincom, Alfons Tanujaya, to which he answered: “It seems to be confirmed,” on May 20, 2021. 

Not long after the news broke out, BPJS Kesehatan director Ali Ghufron Mukti acknowledged that a number of users' data from his institution had been sold on the internet. 

2. Cermati and Lazada 

The data breach of the two websites was once again revealed after 2.9 million personal users’ data were sold in Raidforums at the end of 2020. As for Lazada, at least 1.1 million data was sold illegally, which involved Redmart databased hosted by a third party.

3, BRI Life 

The data breach of BRI Life was first known after a Twitter account under the name @HRock revealed that data of 2 million of the life insurance’s customers were sold online for US$7,000. Based on the account’s image post, exposed data include electronic ID card information, birth certificate, and health track records. 

4. Tokopedia 

In May 2020, millions of personal data was non-consensually stolen from the popular e-commerce. Some even claimed the exposed 91 million personal data was sold for US$5,000. At the time, Tokopedia representative asserted that the incident was not an attempt to steal personal data. 

5. General Elections Commission (KPU) 

An internet user claimed to have information of the breach of 2.3 million Indonesians from the General Elections Commission (KPU) website back in May 2021. This user believed the data breach took place since 2013 and claimed that the hackers threaten to leak 200 million more.

Read: Govt Ensures No Data Leak in Health Alert Card System

CAESAR AKBAR 




Expert Comments on Effectiveness of Personal Data Protection Act

12 hari lalu

Expert Comments on Effectiveness of Personal Data Protection Act

A digital forensic expert doubts that the Personal Data Protection Act will suddenly eradicate data breaches.


11 Million Cyber Threats Detected in Indonesia Apart from Bjorka

12 hari lalu

11 Million Cyber Threats Detected in Indonesia Apart from Bjorka

The case of data leak committed by an anonymous hacker under an account name Bjorka is not the only cyber threat detected in Indonesia.


Indonesia to Establish Domestic Cloud Computing Ability

13 hari lalu

Indonesia to Establish Domestic Cloud Computing Ability

Presidential Office plans to establish a domestic cloud computing service following the recent series of data breaches.


Police Say The Arrested Madiun Man Is Provider of Bjorka Telegram Channel

16 hari lalu

Police Say The Arrested Madiun Man Is Provider of Bjorka Telegram Channel

The National Police has confirmed that the young man from Madiun who was arrested previously is suspected to be the provider of Bjorka's Telegram.


Notorious Hacker Bjorka Denies Police Arrest Claim

17 hari lalu

Notorious Hacker Bjorka Denies Police Arrest Claim

The hacker known as Bjorka has responded to the report of his arrest by the police.


Mahfud MD Forms Data Protection Task Force After 'Bjorka' Hacking

19 hari lalu

Mahfud MD Forms Data Protection Task Force After 'Bjorka' Hacking

Coordinating Minister Mahfud MD announced the formation of a data protection task force following the Bjorka hacking fiasco.


Govt Demands Better Private Sector Cybersecurity Amid 'Bjorka' Data Breach

19 hari lalu

Govt Demands Better Private Sector Cybersecurity Amid 'Bjorka' Data Breach

Private electronic service providers were asked by the government to beef up their cybersecurity measures amidst rampant Bjorka data breaches.


4 Data Breach Confirmation Websites You Can Use

19 hari lalu

4 Data Breach Confirmation Websites You Can Use

Here are 4 websites to ensure whether our personal data has been compromised or not in a data breach case.


Data Breach Case: BSSN Probing Background of Hacker Bjorka

19 hari lalu

Data Breach Case: BSSN Probing Background of Hacker Bjorka

The National Cyber and Encryption Agency (BSSN) is currently investigating the background of "Bjorka" who hacked the data of several govt websites.


BSSN Hunting for Bjorka's Identity, Motives

19 hari lalu

BSSN Hunting for Bjorka's Identity, Motives

BSSN in tandem with the National Police is hunting for the identity of a hacker known as Bjorka.