In past cases of data theft, there were few immediate consequences, such as when the account details of 15 million customers of the country's biggest Islamic lender, Bank Syariah Indonesia (BSI), were published online last year or when, in 2021, a flaw in the Health Ministry's COVID-19 app exposed the personal data and health status of 1.3 million people.

Last week’s data breach was different. 

The cyberattack that compromised the national data center, which hosts data from at least 210 government agencies, including the immigration office, sent the country back to the pre-internet era, with immigration officers at the country’s major airports resorting to using their cell phones to record the passport data of people entering and leaving the country. 

This time, the consequences were clear, with long lines forming at immigration checkpoints and travelers missing their flights. 

The cyberattack also reportedly compromised data held the Coordinating Maritime Affairs and Investment Ministry that affected the process of business and event licensing.

These disruptions to public services, however bad, may be the least of our worries. Deeper concern should be reserved for what will happen to the personal, confidential data that is now under the control of the hackers, who used malicious software called Lockbit 3.0 for the operation and have demanded a ransom of US$8 million.

In this kind of ransomware attack, hackers can leak or delete confidential data to pressure the targeted person or organization to pay up.

The Communications and Information Ministry, the agency most responsible for the upkeep of the national data center, has insisted that it will not negotiate with the hackers and has refused to pay the ransom to release the data. 

The success of this latest hacking attempt should not surprise us at all. When it comes to government data centers, it was not a question of if but of when a cyberattack would happen, given the lack of a comprehensive strategy to handle our valuable personal data.

In fact, if the details of the recent hacking operation revealed by the National Cyber and Encryption Agency (BSSN) are true, the attack may have compromised the national data center as a whole, as its servers were protected by a proprietary, off-the-shelf Windows Defender software. We should be very afraid for the fate of our personal data.

Meanwhile, the Communications and Information Ministry has not been a paragon of integrity. Its last minister, Johnny G. Plate was sentenced to 15 years in prison in a mega corruption case surrounding the construction of telecommunications towers in remote regions of the country.

It does not help that Johnny’s successor, Budi Arie Setiadi, is a politician close to President Joko “Jokowi” Widodo who was assigned to the position mostly because of the electoral support he provided for the President.

The world has changed rapidly. Information technology has become a core engine of economic growth, while the internet and social media serve as an arena in which countries battle for supremacy.

The frequent cyberattacks targeting private and government-run institutions show how woefully unprepared Indonesia is to deal with these new challenges.

In the past few years, there was little appetite even to find well-qualified individuals to take charge of institutions responsible for handling our personal data.

It is likely that once the brouhaha over this latest hacking blows over, officials at the Communications and Information Ministry, the BSSN and everyone tasked with handling our data will keep their jobs. 

But we deserve better.