On Oct. 21, an alleged Brazilian hacker named SonIx defaced the website of the national malware center hosted by the BSSN, an agency that is supposed to detect and prevent cyberattacks, as retaliation for what SonIx claimed was the hacking of a Brazilian government website by Indonesian hackers.

BSSN spokesperson Anton Setiyawan told The Jakarta Post that the agency was still conducting an investigation to ensure that no data was stolen, adding that pusmanas.bssn.go.id had been temporarily disabled.

The incident occurred only a week after the Indonesian Child Protection Commission's (KPAI) database of the personal information of people who filed reports on alleged child abuse cases, like bullying, kidnapping, violence against children and rape, was hacked on Oct. 13. The data also included sensitive data on abused children.

The breach exposed names of the children and their guardians, as well as ID card numbers, mailing and email addresses and phone numbers of the persons who reported the alleged abuse.

An account with the username C77 on online hacking forum RaidForums has put up for sale the data of almost 25,000 reports filed with the KPAI from 2016 to the present, koran.tempo.co reported.

Read also: Reported leak adds urgency for speedy passage of data protection bill: House speaker

KPAI chairman Susanto said this office had taken steps to keep its data secure, claiming that the incident did not affect its complaint system. The commission has reported the incident to the Communications and Information Ministry and the police cybercrime directorate, as well as the BSSN, which is expected to assist the investigation into the data breach.

The ministry will summon the KPAI for further information regarding the cyberattack.

Pratama Persadha from think tank Communication and Information System Security Research Center (CISSReC) said the number of cyberattacks on government websites was due to weak awareness of data security.

Read also: Low awareness underlies Indonesia’s cybersecurity woes

Although the attack on the BSSN was relatively mild, Pratama suggested that the agency immediately check all its systems to prevent more destructive attacks.

He said most websites hosted by state agencies had weak security systems that were easy to hack, urging them to check the security of their websites.

Wahyudi Djafar from the Institute for Policy Research and Advocacy (Elsam), which has been advocating personal data protection laws for years, said the series of cyberattacks against state agencies, particularly the BSSN, called into question the government's commitment to protecting information.

“Cyberattacks do not only affect the systems they are targeting but also the integrity, security and confidentiality of the public's personal information,” he said.

Read also: Spy agency hit in ‘mass hack’ of state apparatus

Experts also urge the government and lawmakers to immediately enact the data protection bill, which will provide guidelines for law enforcement agencies to impose stern penalties against the illegal use of personal data.

But the bill, whose deliberation has been delayed several times by the House of Representatives, does not specifically set a standard for the protection of the personal data of children. Thus, Elsam demanded that policymakers include this in the bill.

Anton from the BSSN said his office would evaluate and improve web security of the BSSN and other government agencies.