Tuesday, June 6, 2023

Social Security Data Breach Exposes Virtually All Indonesians to Digital Fraud Risks

Jakarta Globe
May 21, 2021 | 3:21 pm
A BPJS Kesehatan officer displays his digital health insurance card in Jakarta on Sep 13, 2019. 
(Antara Photo/Muhammad Adimaja)
A BPJS Kesehatan officer displays his digital health insurance card in Jakarta on Sep 13, 2019. (Antara Photo/Muhammad Adimaja)

Jakarta. A suspected breach of Indonesia's social security data has put virtually all Indonesians exposed to digital attacks and frauds, authorities and digital security experts warned on Friday. 

The Communication and Information Technology Ministry said that it has suspected personal records of at least 100,000 individuals have been leaked from BPJS Kesehatan and asked the country's national insurance company to notify the individuals about the breach. 

The records were part of a sample database offered for free by an individual, or group of individuals, using the username Kotz, at the database sharing forum Raidforum.

Since May 12, Kotz has been trying to sell for 0.15 bitcoins ($6,130) a larger set of the database they claimed to hold more than 279 million records, containing information ranging from national identity numbers, social security numbers, phone numbers, and tax identification numbers, to family members, blood type, and salaries.


BPJS Kesehatan reported it has 222.5 million users at the end of last year, covering about 82 percent of Indonesia's 270.2 million people. 

"The ministry suspected the sample database is identical to BPJS Kesehatan's database," Dedy Permadi, the Communication and Information Technology spokesman, said. 

"The suspicion is based on records of social security number, office code, family records, and payment status [in the sample database], which are identical with BPJS Kesehatan's records," Dedy said. 

Dedy said the ministry had asked three websites hosting the sample database to take down the sample from their website. Two of the websites have complied, he said. 

The ministry has also summoned BPJS Kesehatan's directors to explain the data breach.

It also reminded  BPJS Kesehatan that under a 2019 Government Regulation about Operation of Electronic Systems and Transactions, the insurance body had an obligation to notify the authorities and the individuals affected by the data breach at the earliest opportunity possible. 

M. Iqbal Anas Ma'ruf, BPJS Kesehatan's head of public relations, said earlier on Thursday that the insurance body had launched an investigation on the suspected data breach. 

Iqbal also said  BPJS Kesehatan guaranteed the security of BPJS Health participant data. 

"With complex big data stored on our servers, we have a strict and layered data security system to ensure the confidentiality of such data, including [the national insurance scheme] participant's data," said Iqbal.

If true, his would be the largest personal data breach the country has ever seen. Last year, a hacker leaked 15 million user accounts of Tokopedia, one of the largest e-commerce companies in Indonesia. 

Pratama Persadha, the chairman of Communication & Information System Security Research Center (CISSReC), a Jakarta-based research group specialized in digital security, said fraudsters could use the data to carry out targeted phishing or other types of social engineering attacks.

"Even though the database did not contain sensitive data such as credit card details, with some personal data that exists, cybercriminals have more than enough to cause real damage and threats," Pratama said on Thursday. 

Criminals can combine the information found in the leaked database with other data breaches to create detailed profiles of their potential victims. With such information, criminals devise a more convincing scenario to trick their victims, Pratama said. 

Tags: Keywords:


Business 9 hours ago

May Inflation Lowest in Five Months

The year-on-year inflation rate stood at 4%, while the year-to-date inflation rate for May was 1.10%.
News 11 hours ago

Mahfud Turns Down Offer to Become Running Mate for Anies

The offer came from the Prosperous Justice Party (PKS), a member of the coalition that nominates Anies for the 2024 presidential election.
News 12 hours ago

Indonesia Pays SEA Games Medalists $19M in Bonuses

The president told the athletes to “spend the money wisely” and avoid buying luxury items.
News 12 hours ago

ASEAN Works Towards Expanding RCEP Trade Deal Membership

The RCEP brings together the 10 ASEAN member states, China, Japan, South Korea, Australia, and New Zealand.
News 17 hours ago

Japanese Emperor Naruhito to Visit Indonesia in Coming Weeks

It would be Naruhito's first official goodwill visit since his ascension to the Chrysanthemum Throne as Japan's 126th emperor.