Caesar Akbar, Jakarta – Indonesians were recently stunned by yet another news of a major data breach, reported by vpnMentor researchers, that exposed personal data of 1.3 million people registered in the country's electronic Health Alert Card (eHAC) system, a government tracing app used to tackle Covid-19.
This potentially presents risk for the user data exploitation as it leaked names, home addresses, ID numbers, Covid-19 hospital tests, and more. However, a Health Ministry representative insisted that the data collected by eHAC had not been breached.
Here are 5 more examples of data breach cases, both allegedly and confirmed, that happened in Indonesia for the past year and a half.
1. Healthcare and Social Security Agency (BPJS Kesehatan)
In May, the personal data of BPJS Kesehatan users was sold in an online forum known as Raid Forums for the price of 0.15 bitcoins by a user called 'Kotz.' Tempo confirmed this to cybersecurity expert from Vaksincom, Alfons Tanujaya, to which he answered: "It seems to be confirmed," on May 20, 2021.
Not long after the news broke out, BPJS Kesehatan director Ali Ghufron Mukti acknowledged that a number of users' data from his institution had been sold on the internet.
2. Cermati and Lazada
The data breach of the two websites was once again revealed after 2.9 million personal users' data were sold in Raidforums at the end of 2020. As for Lazada, at least 1.1 million data was sold illegally, which involved Redmart databased hosted by a third party.
3. BRI Life
The data breach of BRI Life was first known after a Twitter account under the name @HRock revealed that data of 2 million of the life insurance's customers were sold online for US$7,000. Based on the account's image post, exposed data include electronic ID card information, birth certificate, and health track records.
In May 2020, millions of personal data was non-consensually stolen from the popular e-commerce. Some even claimed the exposed 91 million personal data was sold for US$5,000. At the time, Tokopedia representative asserted that the incident was not an attempt to steal personal data.
5. General Elections Commission (KPU)
An internet user claimed to have information of the breach of 2.3 million Indonesians from the General Elections Commission (KPU) website back in May 2021. This user believed the data breach took place since 2013 and claimed that the hackers threaten to leak 200 million more.