APSN | Hacker breaches data of 34 million Indonesian passports

Hacker breaches data of 34 million Indonesian passports

Jakarta Post - July 7, 2023

Jakarta – The data of more than 34 million Indonesian passport holders at the Immigration Directorate General have been reportedly breached by pseudonymous hacker Bjorka.

Cybersecurity researcher and consultant Teguh Aprianto first revealed the cyberattack on Wednesday through his Twitter account @secgron.

Among the leaked data are full names, passport numbers, expiry dates, dates of birth and gender of 34.9 million Indonesian passport holders. The 4-gigabyte-data was offered for US$10,000.

Bjorka also offered 1 million samples of the stolen data in a hacker platform, showing passport data taken between 2009 and 2020. "It looks like the data is valid judging from the given sample," Teguh wrote.

The Communications and Information Ministry launched an investigation on Wednesday night to verify the reported breach on personal data from 34.9 million Indonesian citizens' passports.

But the ministry could not confirm there had been "a breach of the massive amount of personal information" as reported, said the ministry's Applications and Informatics Director General Semuel Abirjani Pangerapan in a statement.

Separately, the ministry's Information and Public Communication Director General Usman Kansong said there were some differences in the data structure between Bjorka's breached data with the ones kept in the national data center, as reported by Antara.

The communications ministry would continue the investigation and coordinate with the National Cyber and Encryption Agency (BSSN), which is mandated to formulate government policies on cybersecurity, and the Immigration Directorate General.

The passport data breach is the latest of a series of data leaks occurring in the country. Most recently, hacker group LockBit ransomware claimed in May to have breached 1.5 terabytes of private data managed by state-owned sharia bank Bank Syariah Indonesia (BSI).

The Communications and Information Ministry recorded at least 94 reported breaches of databases in the past four years. Two thirds of the incidents allegedly occurred in the databases managed by private electronic service providers, while the rest happened in the databases of public providers.

Indonesia passed the Personal Data Protection Law in September 2022, which grants citizens more control over their personal information online. The law also requires data controllers and processors to ensure the rights of data subjects and the security of their data, including by setting up firewalls and encryption systems. (kuk)

Source: https://asianews.network/hacker-breaches-data-of-34-million-indonesian-passports

News

Indonesia

Internet & Social Media

APSN Websites

Indoleft

What's happening inside Indonesia – News, analysis and statements on Indonesia, Aceh and West Papua translated from Indonesian language sources otherwise not available in English.

Drunken Republic

The lighter (or darker) side of Indonesian politics. A unique collection of Indonesian political cartoons with English language translations and political commentary maintained as part of the Indoleft website.

APSN Archive Site

With the launch of the APSN Indonesia & East Timor Digest, the old Asia Pacific Solidarity Network website is no longer being updated but is still available as a public archive.

About us

The Indonesia & East Timor Digest is maintained by the Asia Pacific Solidarity Network (APSN), a network of activists building solidarity with and support for movements for social justice, genuine democracy and self-determination in the Asia Pacific region.

APSN works closely with the Red Ant Collective – a socialist group formed in October 2022 dedicated to socialism, internationalism and anti-imperialism.