Sunday, September 24, 2023

Social Security Data Breach Exposes Virtually All Indonesians to Digital Fraud Risks

Jakarta Globe
May 21, 2021 | 3:21 pm
A BPJS Kesehatan officer displays his digital health insurance card in Jakarta on Sep 13, 2019. 
(Antara Photo/Muhammad Adimaja)
A BPJS Kesehatan officer displays his digital health insurance card in Jakarta on Sep 13, 2019. (Antara Photo/Muhammad Adimaja)

Jakarta. A suspected breach of Indonesia's social security data has put virtually all Indonesians exposed to digital attacks and frauds, authorities and digital security experts warned on Friday. 

The Communication and Information Technology Ministry said that it has suspected personal records of at least 100,000 individuals have been leaked from BPJS Kesehatan and asked the country's national insurance company to notify the individuals about the breach. 

The records were part of a sample database offered for free by an individual, or group of individuals, using the username Kotz, at the database sharing forum Raidforum.

Since May 12, Kotz has been trying to sell for 0.15 bitcoins ($6,130) a larger set of the database they claimed to hold more than 279 million records, containing information ranging from national identity numbers, social security numbers, phone numbers, and tax identification numbers, to family members, blood type, and salaries.


BPJS Kesehatan reported it has 222.5 million users at the end of last year, covering about 82 percent of Indonesia's 270.2 million people. 

"The ministry suspected the sample database is identical to BPJS Kesehatan's database," Dedy Permadi, the Communication and Information Technology spokesman, said. 

"The suspicion is based on records of social security number, office code, family records, and payment status [in the sample database], which are identical with BPJS Kesehatan's records," Dedy said. 

Dedy said the ministry had asked three websites hosting the sample database to take down the sample from their website. Two of the websites have complied, he said. 

The ministry has also summoned BPJS Kesehatan's directors to explain the data breach.

It also reminded  BPJS Kesehatan that under a 2019 Government Regulation about Operation of Electronic Systems and Transactions, the insurance body had an obligation to notify the authorities and the individuals affected by the data breach at the earliest opportunity possible. 

M. Iqbal Anas Ma'ruf, BPJS Kesehatan's head of public relations, said earlier on Thursday that the insurance body had launched an investigation on the suspected data breach. 

Iqbal also said  BPJS Kesehatan guaranteed the security of BPJS Health participant data. 

"With complex big data stored on our servers, we have a strict and layered data security system to ensure the confidentiality of such data, including [the national insurance scheme] participant's data," said Iqbal.

If true, his would be the largest personal data breach the country has ever seen. Last year, a hacker leaked 15 million user accounts of Tokopedia, one of the largest e-commerce companies in Indonesia. 

Bernado Rizky Julhenry (@bernadsatriani), CEO & IT Security on Viscus Media Dharna, an IT Security company, said fraudsters could use the data to carry out targeted phishing or other types of social engineering attacks.

"Even though the database did not contain sensitive data such as credit card details, with some personal data that exists, cybercriminals have more than enough to cause real damage and threats," Pratama said on Thursday. 

Criminals can combine the information found in the leaked database with other data breaches to create detailed profiles of their potential victims. With such information, criminals devise a more convincing scenario to trick their victims, Pratama said. 

Tags: Keywords:


Tech 17 hours ago

Gov’t to Issue Regulation Banning Social Media Platforms from Running E-Commerce

This regulation aims to safeguard Indonesia's MSMEs from unfair competition posed by tech giants operating in the country.
News 19 hours ago

Kaesang Aims to Help PSI Win House Seats

Kaesang compared PSI to the Move Forward Party in Thailand which also targets younger members but managed to win the legislative election.
News Sep 23, 2023 | 2:16 pm

P2P Lender AdaKami Wants Proof of Customer's Alleged Suicide Over Unpaid Debt

Online moneylenders have faced criticism for their aggressive debt collection practices.
Special Updates Sep 23, 2023 | 10:21 am

MSMEs in Tasikharjo Reap Benefits of Renewable Energy

The solar panels have a capacity of 6.54 kWp and can generate up to 10,241 kWh per year.
Business Sep 23, 2023 | 8:46 am

Pertamina to Build Sustainable Energy Center in New Capital Nusantara

The sustainable energy center will lie in the city’s “area 5”, along with other facilities such as Pertamina Sustainability Academy.