The Jakarta Post
An unknown hacker has allegedly breached a government database of 230,000 people who have undergone COVID-19 testing.
The hacker, under the username Database Shopping, offered the personal data of COVID-19 test-takers in Indonesia on the data-exchange platform Raid Forums, where another member put up for sale the personal information of 15 million users from homegrown e-commerce unicorn Tokopedia’s internal database for US$5,000.
The as-yet-unidentified user showed an example of the breached data sets, which included personal details such as the names, addresses, ages and nationalities of the patients undergoing COVID-19 testing at several hospitals in Bali.
The data also showed which kind of tests each individual took.
“Indonesia COVID-19 database, 230k [worth of data in the] MySQL [database]. Leak date: May 20, 2020. I sell it to the enthusiast,” user Database Shopping said in a post on raidforums.com on Thursday.
During an interview with the Kompas daily through email, the seller claimed they also breached the database of people participating in testing from other regions, such as Jakarta and Bandung in West Java.
The user put up the complete database for sale for $300.
Responding to the alleged data breach, national COVID-19 task force spokesperson Achmad Yurianto said on Saturday as quoted by kompas.com that they would “leave it to the authority.”
He did not disclose any details regarding the breach.
Data breach cases are on the rise in Indonesia, which has yet to pass a personal data protection bill. In 2013, hackers accessed the information of millions of Indonesian citizens via the General Elections Commission’s website. The data set was claimed to be the final voter list of the 2014 presidential election. (mfp)