Jakarta – A cyberattack, reportedly orchestrated by a pseudonymous hacker known as Bjorka, has led to the compromise of personal data of more than 34 million Indonesian passport holders from the Immigration Directorate General. The alarming breach highlights the pressing need for robust cybersecurity measures to safeguard sensitive personal information in an increasingly digital world.
The cyberattack was initially revealed by cybersecurity researcher and consultant, Teguh Aprianto, via his Twitter account @secgron. The breached data, comprising the full names, passport numbers, expiration dates, birth dates, and gender of approximately 34.9 million Indonesian passport holders, was offered for sale at US$10,000 by the hacker. The dataset, weighing 4 gigabytes, provides a chilling reminder of the scale and severity of such cyberattacks.
Bjorka also offered one million samples of the stolen data on a hacker platform, presenting passport data collected between 2009 and 2020. Based on the given samples, Teguh has noted that the data appears to be authentic.
Also Read: Revamping Pensions: Ibrahim’s Initiative for Retirees in the Wake of Legal Disruption
The Communications and Information Ministry of Indonesia initiated an investigation to validate the reported breach, encompassing the personal data from 34.9 million Indonesian citizens’ passports. However, Semuel Abirjani Pangerapan, the ministry’s Applications and Informatics Director General, stated in a press release that they couldn’t confirm “a breach of the massive amount of personal information” as reported.
Usman Kansong, the ministry’s Information and Public Communication Director General, noted that there were some discrepancies in the data structure between Bjorka’s breached data and the ones stored in the national data center. The ministry has pledged to continue the investigation, working in conjunction with the National Cyber and Encryption Agency (BSSN), responsible for shaping government policies on cybersecurity, and the Immigration Directorate General.
This data breach incident is not an isolated case but part of a series of data leaks that have plagued the country. A recent example is the claim by the hacker group LockBit ransomware in May, stating it had breached 1.5 terabytes of private data managed by the state-owned sharia bank, Bank Syariah Indonesia (BSI).
The Communications and Information Ministry has documented at least 94 reported breaches of databases in the past four years. A significant portion, two-thirds, of these incidents reportedly took place in the databases managed by private electronic service providers, with the remaining incidents happening in the databases of public providers.
Indonesia passed the Personal Data Protection Law in September 2022, which affords citizens more control over their personal information online. The law mandates data controllers and processors to uphold the rights of data subjects and the security of their data, which includes establishing firewalls and encryption systems. This massive breach serves as a stark reminder of the importance of such protective measures and the potential repercussions of their absence.
News based on Asia News.
