TheJakartaPost
Please Update your browser
Your browser is out of date, and may not be compatible with our website. A list of the most popular web browsers can be found below.
Just click on the icons to get to the download page.
PLN, Indihome suspected data breaches underline urgency of PDP bill
The suspected data breaches from PLN and IndiHome, involving a huge chunk of private data getting sold and distributed on an online forum, shed light on how much Indonesia needs the new PDP bill.
Change text size
Gift Premium Articles
to Anyone
Share the best of The Jakarta Post with friends, family, or colleagues. As a subscriber, you can gift 3 to 5 articles each month that anyone can read—no subscription needed!
Hacker, threat. (Shutterstock/chainarong06)
T
he suspected data breaches on PLN and IndiHome, a subsidiary of Telkom Indonesia, broke the news over the past week as the cases involved a huge chunk of private data getting sold and distributed on an online forum with the domain of breached.to.
The two firms were highlighted as PLN’s data consisted of 17 million IDs, names, energy types, KWH, addresses, meter numbers, meter types and UPI unit names, while Indihome’s data consisted of 26 million entries of browsing history, ID cards, emails, phone numbers, passwords, domains, platforms and URLs.
While PLN did not reply when asked for comment on the matter, Telkom Indonesia claimed the data scattered in the forum were invalid and fabricated.
“Our investigation shows that there was no IndiHome customer data breach and we have reported this to Kominfo. We guarantee that all of customers’ data are secured and safeguarded by integrated cybersecurity in accordance with the laws and regulations in place,” Pujo Pramono, vice president corporate communication of Telkom Indonesia, told The Jakarta Post.
Still, these alleged breaches shed light on how Indonesia is in urgent need to ratify the long-awaited private data protection (PDP) bill currently under discussion in the House of Representatives.
Satriyo Wibowo, secretary of Indonesia Cyber Security Forum (ICSF), said the currently imposed cyber law in Indonesia only gives administrative sanctions for the party who failed to keep watch on data protection.
“Even worse, the only executable punishment is just a written warning because, although fines are incorporated in the law, it is not doable due to how the regulation that governs wherein the money will be directed is non-existent,” he said.
