Indonesia ‘s government confirms social security data breach for some citizens

Indonesia has launched an investigation into a possible security incident that caused the leak of social security data for more than 270 million citizens.

Indonesia’s Communication and Information Ministry has confirmed a leak of social security data, it attempted to downplay the incident explaining that it only impacted a small portion of the population.

The authorities launched an investigation into the data leak after a user, that goes with the handle Kotz, posted on a hacker forum samples of data belonging to Indonesian citizens. The leaked records include names, citizenship identity numbers, residential addresses. and phone numbers of one million Indonesian citizens.

Kotz claimed to have a database containing the data of all 270 million citiziens.

“In a statement on Friday (May 21), a spokesman for the Communication and Information Ministry said that it was probing 100,002 samples, far fewer than claimed.” reported The Straits Times. “The spokesman, Mr Dedy Permadi, also said the data, such as card numbers, family information and payment status, was allegedly “identical” to those held by the Healthcare and Social Security Agency, BPJS Kesehatan, which runs Indonesia’s universal healthcare programme.”

The authorities also announced to have taken steps to prevent further data leaks.

“The Communication and Information Ministry has taken anticipatory measures to avert the spread of the data further by cutting off access to the links to download the personal data,” Permadi said.

The Healthcare and Social Security Agency, BPJS Kesehatan in investigating the possible source of the leak.

At the time of this writing it is not clear how the attackers have gained access to the citizens’ data.

In June 2020, researchers at threat intelligence firm Cyble discovered over 230.000 Indonesian COVID-19 patients’ records leaked in the darknet.

The leaked dump included name, address, present address, telephone number, citizenship, diagnosis date, result, result date, and many more.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Indonesia)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.