Indonesia’s Communication and Information Ministry has confirmed a leak of social security data, it attempted to downplay the incident explaining that it only impacted a small portion of the population.
The authorities launched an investigation into the data leak after a user, that goes with the handle Kotz, posted on a hacker forum samples of data belonging to Indonesian citizens. The leaked records include names, citizenship identity numbers, residential addresses. and phone numbers of one million Indonesian citizens.
Kotz claimed to have a database containing the data of all 270 million citiziens.
“In a statement on Friday (May 21), a spokesman for the Communication and Information Ministry said that it was probing 100,002 samples, far fewer than claimed.” reported The Straits Times. “The spokesman, Mr Dedy Permadi, also said the data, such as card numbers, family information and payment status, was allegedly “identical” to those held by the Healthcare and Social Security Agency, BPJS Kesehatan, which runs Indonesia’s universal healthcare programme.”
The authorities also announced to have taken steps to prevent further data leaks.
“The Communication and Information Ministry has taken anticipatory measures to avert the spread of the data further by cutting off access to the links to download the personal data,” Permadi said.
The Healthcare and Social Security Agency, BPJS Kesehatan in investigating the possible source of the leak.
At the time of this writing it is not clear how the attackers have gained access to the citizens’ data.
In June 2020, researchers at threat intelligence firm Cyble discovered over 230.000 Indonesian COVID-19 patients’ records leaked in the darknet.
The leaked dump included name, address, present address, telephone number, citizenship, diagnosis date, result, result date, and many more.
Follow me on Twitter: @securityaffairs and Facebook
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, Indonesia)
[adrotate banner=”5″]
[adrotate banner=”13″]
An international law enforcement operation led to the disruption of the prominent phishing-as-a-service platform LabHost.…
Russia-linked APT Sandworm employed a previously undocumented backdoor called Kapeka in attacks against Eastern Europe since…
Cisco has addressed a high-severity vulnerability in its Integrated Management Controller (IMC) for which publicly…
Threat actors are exploiting the CVE-2023-22518 flaw in Atlassian servers to deploy a Linux variant of…
Ivanti addressed two critical vulnerabilities in its Avalanche mobile device management (MDM) solution, that can…
Researchers released an exploit code for the actively exploited vulnerability CVE-2024-3400 in Palo Alto Networks'…
This website uses cookies.