APSN Banner

KAI commuter reassures users following ticketing app security breach

Jakarta Globe - March 7, 2024

Antara, Jakarta – Train operator KAI Commuter affirms the security of its C-Access ticketing and train schedule application for users following a security breach.

"KAI Commuter guarantees the safety of balances on the multi-trip card and the data of commuter line users registered in the C-Access application," stated Corporate Secretary of KAI Commuter, Anne Purba, in her statement on Wednesday.

Anne clarified that the breach occurred in the app's ticket top-up feature.

She reassured the public about using the C-Access application for commuter line services, emphasizing KAI Commuter's robust information security management system.

"At present, KAI Commuter has implemented ISO 27001:2013 as the standard for the information security management system in the management information system and online top-up transactions in the C-Access application," she said.

Anne further explained that security standards undergo periodic implementation and audits by independent auditors to ensure their effectiveness.

"KAI Commuter is committed to continuously enhancing cybersecurity in the implementation of information technology to facilitate the public in using the commuter line, and will thoroughly investigate this crime," she added.

Previously, the Metro Depok City Police disclosed a hacking case into the KAI Access card application, manipulating the payment system, with the suspect successfully gaining profits.

"The perpetrator topped up the balance of the KAI Commuter card using the C-Access application and HttpCanary application, with a payment method using the Gopay application by modifying the C-Access application system, resulting in an administrative fee of only one rupiah for each top-up," said Depok City Police Chief, Kombes Pol Arya Perdana.

According to Arya, the suspect AAH, 21, managed to obtain a top-up balance of Rp 12.4 million ($792) from 25 top-ups with a payment of only Rp 25. "The suspect committed the act from Feb. 26 to Feb. 28, 2024," he stated.

Arya has secured several pieces of evidence, including one smartphone, one email address, 10 KAI Commuter cards, and two SIM cards.

Source: https://jakartaglobe.id/tech/kai-commuter-reassures-users-following-ticketing-app-security-breac