Indonesia ‘s government confirms social security data breach for some citizens

Indonesia has launched an investigation into a possible security incident that caused the leak of social security data for more than 270 million citizens.

Indonesia’s Communication and Information Ministry has confirmed a leak of social security data, it attempted to downplay the incident explaining that it only impacted a small portion of the population.

The authorities launched an investigation into the data leak after a user, that goes with the handle Kotz, posted on a hacker forum samples of data belonging to Indonesian citizens. The leaked records include names, citizenship identity numbers, residential addresses. and phone numbers of one million Indonesian citizens.

Kotz claimed to have a database containing the data of all 270 million citiziens.

“In a statement on Friday (May 21), a spokesman for the Communication and Information Ministry said that it was probing 100,002 samples, far fewer than claimed.” reported The Straits Times. “The spokesman, Mr Dedy Permadi, also said the data, such as card numbers, family information and payment status, was allegedly “identical” to those held by the Healthcare and Social Security Agency, BPJS Kesehatan, which runs Indonesia’s universal healthcare programme.”

The authorities also announced to have taken steps to prevent further data leaks.

“The Communication and Information Ministry has taken anticipatory measures to avert the spread of the data further by cutting off access to the links to download the personal data,” Permadi said.

The Healthcare and Social Security Agency, BPJS Kesehatan in investigating the possible source of the leak.

At the time of this writing it is not clear how the attackers have gained access to the citizens’ data.

In June 2020, researchers at threat intelligence firm Cyble discovered over 230.000 Indonesian COVID-19 patients’ records leaked in the darknet.

The leaked dump included name, address, present address, telephone number, citizenship, diagnosis date, result, result date, and many more.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Indonesia)

[adrotate banner=”5″]

[adrotate banner=”13″]