Exposed: Data breaches on the rise in Indonesia


Indonesia has seen at least five data breaches in August this year alone, two of which allegedly impacted state-owned firms holding the data of millions of customers. - Unsplash/JP

JAKARTA (The Jakarta Post/Asia News Network): The private data of millions of Indonesian citizens and corporations are at an increased risk of being exposed, amid the pandemic-influenced rise of remote work and a lack of robust personal privacy legislation.

The country has seen at least five data breaches in August alone, two of which allegedly impacted state-owned firms holding the data of millions of customers.

The data is now up for sale, according to hacking forum Breach Forums. In a now-deleted discussion thread posted on Aug 18, a member of the forum with the username loliyta claimed to be offering the personal data of some 17 million customers of state-owned electricity firm PLN, including names, addresses, customer ID numbers, kilowatt-per-hour usage and electricity meter numbers.

PLN said in a statement on its Twitter account on Saturday (Aug 20) that it was conducting an investigation into the alleged data breach with the Communications and Information Ministry and the National Cyber and Encryption Agency (BSSN).

The company claimed that its actual customer data system had remained secure and that the alleged leaked data was only a copy of public data taken from a customer data dashboard app, not real-time transaction data.

Another forum member, Bjorka, claimed to be holding some 26 million data entries belonging to IndiHome, an Internet service provider owned by state-owned telecommunications firm Telkom.

The breached data allegedly included full names, email addresses, genders, national ID numbers, IP addresses and customer browsing history.

Telkom denied the claim, saying the story of the leaked data had been fabricated and that its data was stored in an “integrated cyber security system”.

The government had summoned the two state-owned companies for clarification, said the information ministry’s applications and informatics director general, Semual Abrijani Pangerapan.

Breach Forum users also claimed to be selling 347 GB of confidential documents belonging to some 21,700 Indonesian companies and branches of foreign companies operating in Indonesia, 14 GB of data from Pendidikan Indonesia University students and 500,000 data entries from Gianyar regency in Bali.

Pratama Persadha of the Communications and Information System Security Research Center said the rate of data breaches had increased during the pandemic as more people began working from home with weak internet security systems.

The BSSN, he said, had recorded an increase in internet traffic anomalies – such as DDoS attacks, wherein hackers try to overwhelm and freeze websites with access requests – from around 800 million in 2020 to 1.6 billion in 2021.

“Working from home has increased the risk of data breaches because a lot of people access their employers' [online] systems from home or other locations outside the office,” he said.

He added that the country’s lack of data privacy laws had exacerbated the situation, as the government was not ensuring that electronic system providers secured user data or set uniform standards.

“The result is that when a data breach happens, nobody feels responsible and everybody feels like a victim,” Pratama said.

He urged the House of Representatives and the Communications and Information Ministry to quickly enact the personal data protection bill to hold electronic service providers accountable for any failures to protect private data.

The private sector, he added, should proactively improve its cyber security practices and the public should be more aware of data privacy.

Deputy chair of House Commission I, Abdul Kharis Almasyhari, said the legislative body would soon finish deliberations on the bill.

“We hope that by September the bill can be signed into law,” Kharis said on Wednesday.

He did not elaborate when asked if there were any specific points of contention holding up the bill.

The legislation seeks to clarify how state agencies are to handle data privacy cases and ensure that action is taken to protect private data, said commission member Bobby Adhityo Rizaldi.

Get 20% OFF The Star Digital Access

Monthly Plan

RM 13.90/month

RM 11.12/month

Billed as RM 11.12 for the 1st month, RM 13.90 thereafter.

Best Value

Annual Plan

RM 12.33/month

RM 9.87/month

Billed as RM 118.40 for the 1st year, RM 148 thereafter.

Follow us on our official WhatsApp channel for breaking news alerts and key updates!
Indonesia , data , breach , protection

Next In Aseanplus News

Ex-president Yoon’s jail sentence remains
Wreckage of lost plane found, search ongoing for missing crew
Nurse held after injecting detergent into husband in murder bid
Hospital to be converted into prison after 28 killed in riot
Two former ministers found guilty
Alpacas, mini pigs on the loose after floods hit zoo
Amnesty Bill splits political divide
Moon cargo service eyes shared rides and lower costs
Flood death toll nears 40
Emergency loan gets green light

Others Also Read