Indonesia: Personal Data Protection Law in Talks After Major Security Breach
Personal Information of More Than 200 Million BPJS Participants Had Allegedly Been Compromised and Leaked on an Online Forum.
The personal data of over 279 million Indonesians were allegedly leaked and sold on a hacker platform this month. The data include citizenship identity numbers, identity cards, phone numbers, email addresses, names, home addresses, and salaries.
Image Source: TEMPO/Aditia Noviansyah
According to the Ministry of Communication and Information, the suspected data breach and its sale are being investigated on the hacker platform “Raid Forums.”
The Ministry of Home Affairs said the allegedly leaked data did not originate from the Population and Civil Registration department.
Information related to the data breach and its leakage first surfaced on social media, claiming to be from the Health Care and Social Security Agency (BPJS Kesehatan).
The spokesman for BPJS Kesehatan, Iqbal Anas Ma’ruf, declared that the agency is also investigating to determine if the leaked data originated from its system. A special team was appointed to immediately find the source of the leak.
BPJS claimed to have a strict and layered data security system in place to ensure personal data confidentiality.
Following the news of the incident, Commission I House of Representative (DPR) legislator Sukamta highlighted the fact that data breaches have happened too often which exposes Indonesia’s cybersecurity weaknesses.
This is how weak our cybersecurity is even though the BPJS always maintains and guarantees the security of its confidential data. Add to the fact that hackers often find themselves updating and improving their skills on constantly updated technologies.
As the latest data breach has posed a critical alarm bell for the country’s weak cybersecurity, fellow Commission I legislator Dave Laksono added that House members intend to quickly pass the draft law on personal data protection.
Indonesia’s Central Information Commission (KIP) has also expressed concern about the pressing issue and pushed for the Personal Data Protection draft to be quickly passed.
It’s safe to say we are facing a personal data protection emergency amidst the wave of new technology developments. Which is why the personal data protection act must be quickly passed and made into law for the sake of people’s security.
This is not the first cyberattack involving personal data leaks in Indonesia.
In 2020, users’ personal information data from users of two leading e-commerce sites, Tokopedia and Bukalapak, was leaked.
Additionally, no less than 2.3 million voter records from the General Election Commission (KPU) have been leaked and sold on online forums.