TheJakartaPost
Please Update your browser
Your browser is out of date, and may not be compatible with our website. A list of the most popular web browsers can be found below.
Just click on the icons to get to the download page.
Home Ministry plays down alleged leak of civil registry data
Change Size
T
he Home Ministry has denied allegations that a recent leak of civil registry data originated from its servers, as the government scrambles to contain the fallout from yet another breach of sensitive information.
Data leaks in Indonesia have become increasingly common as the country struggles to implement good digital governance while the adoption of new technologies continues apace.
The latest breach was flagged on Sunday by cybersecurity researcher Teguh Aprianto, who tweeted that a hacker had put up for sale some 337 million data points allegedly siphoned from the ministry’s population and civil registry (Dukcapil) on online hacker platform BreachForums, prompting fresh personal data protection concerns.
The hacker, who goes by the pseudonym RRR, uploaded an offer on the forum on Friday for an undisclosed sum of money. The leak purportedly offers 71 samples of data consisting of citizens’ full names, national ID and family card (KK) numbers as well as addresses and other information usually used in the retrieval of passwords.
The cyberattack has thrown the Home Ministry into the spotlight, as it is one of the few government agencies authorized to handle such sensitive information.
“So far there have been no traces of any data leaks from SIAK,” said Teguh Setyabudi, the ministry’s director general for the civil registry, on Wednesday, as quoted by kompas.com. SIAK is the information system authorities use to administer population data.
An investigation into the source of the alleged leak is currently ongoing, the official added. The National Cyber and Encryption Agency (BSSN) has been brought into the fold in anticipation of future data breach incidents.
On Thursday, newly appointed Communications and Information Minister Budi Arie Setiadi told the press that his office would work with the BSSN to address such data privacy violations.
“I call on all government institutions and private electronic service providers who manage private data to truly protect the data they manage,” he said at his office in Jakarta.
This is the second time in a month that a serious government data breach has been reported. Earlier this month, immigration office data on nearly 35 million Indonesian passport holders was reportedly leaked by the infamous hacker Bjorka.
Among the leaked data are full names, passport numbers and expiry dates, dates of birth and the gender of passport holders. The 4 gigabytes of data were offered for US$10,000. Bjorka also offered a million samples of the stolen data on a hacker platform, showing passport data taken between 2009 and 2020.
The communications ministry is still investigating the incident in coordination with the BSSN.
Rampant breaches of citizen data have exposed the vulnerability of information systems managed by government institutions, said Wahyudi Djafar, executive director of the Institute for Policy Research and Advocacy (Elsam).
Wahyudi said the failure of law enforcers in most incidents involving government agencies has exacerbated the negligence of data handlers themselves.
“The passage of the Private Data Protection [PDP] Law is supposed to push for improvements for the data handler in protecting data,” Wahyudi said.
The 2022 PDP Law grants citizens more control over their personal information online. The law also requires data controllers and processors to guarantee the rights of data subjects and the security of their data, including by setting up firewalls and encryption systems.
But the data protection oversight agency mandated by the law has yet to be formed, partly because of a leadership vacuum left by the former minister, senior NasDem Party politician Johnny G. Plate, who is embroiled in a high-profile corruption case.
