A REPORTED data breach of the now-defunct electronic Health Alert Card (eHAC) system has raised serious concerns about the security of the PeduliLindungi application, a key part of the government’s “living with Covid-19” strategy.

The authorities said that they had investigated a suspected data breach of the old eHAC system, which had jeopardised the data of around 1.3 million users.

The system was primarily used by the Health Ministry to help with contact tracing. The incident, which is not unusual given the country’s weak cybersecurity, was brought to light by encryption provider vpnMentor, which wrote in a report on Monday that the data included contact details, ID card details and Covid-19 test results.

“The Health Ministry is sure that none of eHAC users’ private data was leaked. The data on eHAC is not shared with the third party’s platform,” Health Ministry Data And Information Centre head Anas Ma’ruf said in a press conference on Wednesday.

That being said, the National Cyber and Encryption Agency (BSSN) admitted that there had been a potential exposure of private data as reported by vpnMentor.

The e-HAC fiasco came to light shortly after the government announced it would require the public to download the PeduliLindungi app, which is connected to the new eHAC system, on their phones as it prepares for the inevitable reality in which the country may have to live side by side with Covid-19 for years to come.

“The pandemic is unavoidable, not only for the Indonesian people alone, but also for the global community,” Coordinating Maritime and Investment Minister Luhut Pandjaitan said on Monday, adding that one way people can deal with the virus was by taking the right precautions and expediting the vaccination rate.

The app, which provides vaccination records, health status and travel history of account holders, is primarily designed to help boost the government’s testing and tracing capacity and allow people to go about their activities.

“Strict implementation of health Following the alleged data breach, the government assured the public that the new eHAC system within PeduliLindungi app was safe, saying that the system’s server infrastructure was located in the national data center secured by the BSSN.

Not everyone is convinced, however.

Drone Emprit co-founder and cyberactivist Ismail Fahmi called on authorities to prevent possible data leaks by making sure that data-protection infrastructure is in place.

“This is no longer the case of a hacker stealing our data. We give our private data to the government, which in turn gives it to a third party without consent,” said Ismail. — The Jakarta Post/ANN