Indonesia’s Communication and Information Ministry has confirmed a leak of social security data, it attempted to downplay the incident explaining that it only impacted a small portion of the population.
The authorities launched an investigation into the data leak after a user, that goes with the handle Kotz, posted on a hacker forum samples of data belonging to Indonesian citizens. The leaked records include names, citizenship identity numbers, residential addresses. and phone numbers of one million Indonesian citizens.
Kotz claimed to have a database containing the data of all 270 million citiziens.
“In a statement on Friday (May 21), a spokesman for the Communication and Information Ministry said that it was probing 100,002 samples, far fewer than claimed.” reported The Straits Times. “The spokesman, Mr Dedy Permadi, also said the data, such as card numbers, family information and payment status, was allegedly “identical” to those held by the Healthcare and Social Security Agency, BPJS Kesehatan, which runs Indonesia’s universal healthcare programme.”
The authorities also announced to have taken steps to prevent further data leaks.
“The Communication and Information Ministry has taken anticipatory measures to avert the spread of the data further by cutting off access to the links to download the personal data,” Permadi said.
The Healthcare and Social Security Agency, BPJS Kesehatan in investigating the possible source of the leak.
At the time of this writing it is not clear how the attackers have gained access to the citizens’ data.
In June 2020, researchers at threat intelligence firm Cyble discovered over 230.000 Indonesian COVID-19 patients’ records leaked in the darknet.
The leaked dump included name, address, present address, telephone number, citizenship, diagnosis date, result, result date, and many more.
(SecurityAffairs – hacking, Indonesia)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.