In a May 12 post on online hacking forum raidforums.com, an account with the username Kotz claimed to have the personal data of 279 million people, alive and deceased, including their full names, ID card numbers, email addresses, phone numbers, dates and places of birth, as well as salary details. The information allegedly belongs to national health insurance (JKN) policyholders. Kotz is offering access to the date for 2 Bitcoin, or roughly US$74,906 (Rp 1 billion). Kotz initially provided a link to three separate file-sharing websites on which data on 2 million people could be downloaded as a sample, but later deleted the post and denied having offered to sell the data.

Health Care and Social Security Agency (BPJS Kesehatan), which manages the JKN, said on Thursday it was looking into whether the leaked data had originated from the JKN or other sources, with spokesperson Iqbal Anas Ma’ruf reiterating the agency’s commitment to protecting the data of their policyholders. Iqbal said the agency applied multiple layers of a stringent data security system.

To date, the agency manages around 224 million active JKN participants, or about 82 percent of the Indonesian population.

Read also: House, government remain at odds over data protection bill

The Communications and Information Ministry is also investigating the alleged data breach and has so far found that only 100,000 entries of the already leaked 1 million were valid. The ministry has taken down the download links on bayfiles.com, mega.nz and anonfiles.com. Access to raidforums.com has also been blocked.

“We also found indications that the data was identical to BPJS Kesehatan’s data as it contains BPJS Kesehatan participant information, like [JKN] identity numbers and [premium] payment status,” ministry spokesperson Dedy Permadi said on Friday.

Popular

Kadin urges stability after Constitutional Court ruling

Jokowi says transition to new government to begi

BCA loan disbursement surges 17.1 percent yoy in first quarter