TheJakartaPost
Please Update your browser
Your browser is out of date, and may not be compatible with our website. A list of the most popular web browsers can be found below.
Just click on the icons to get to the download page.
Recent breach throws spotlight over deadlock in data protection bill’s deliberation
Change Size
Indonesia has yet to join the club of nations from Brazil to China and India that have issued stringent regulations on personal data protection, modeled on the European Union General Data Protection Regulation (GDPR). (Shutterstock/PopTika)
R
ecent data breaches and the attempted sale of customers’ private data have once again highlighted the dire need for Indonesia to draft specific data protection legislation.
In the latest case, the personal details of up to 2 million clients of BRI Life, the insurance arm of state lender Bank Rakyat Indonesia (BRI), were exposed on the internet and advertised for sale by unidentified hackers.
The breach was reported by Alon Gal, chief technology officer of cybercrime intelligence firm Hudson Rock, in his Twitter account @UnderTheBreach on July 27. In his tweet, he posted screenshots of an online forum thread showing the attempted sale of up to 250 gigabytes of BRI Life’s customer data, including details on insurance policy statements and copies of ID cards.
The seller reportedly offered the data for about Rp 100 million (US$7,000).
Reuters reported that Hudson Rock had found evidence that showed that the breach was likely made possible due to compromised employee computers at both BRI Life and BRI.
BRI Life corporate secretary Ade Ahmad Nasution said the hacker had gained access to the BRI Life Sharia Insurance data system, which held the details of around 25,000 individual sharia insurance policies, but added that it did not affect the data of other companies within the BRI group.
“This incident had no effect on other BRI customers and other companies within the BRI group,” Ade said on July 29 as quoted by Kontan.
