Data 279 Juta Peserta BPJS Diduga Bocor, Pengamat: Ada Kelalaian Pengelolaan Sistem Keamanan

KOMPASTV

20 May 202103:01

Summary

TLDRA significant data breach has been reported, compromising the personal information of 279 million Indonesian citizens. The data, which includes sensitive details such as ID numbers, phone numbers, and salaries, is suspected to have been leaked by the Indonesian health social security body, BPJS Kesehatan, and sold on foreign websites. Cybersecurity expert Ardi Sutedja suggests that the leak may have occurred due to human error in managing the institution's data security system. BPJS Kesehatan has launched an investigation to trace the source of the leak, while the government's communication staff, Dedi Permadi, is currently unable to provide further comments on the matter.

Takeaways

🚨 A massive data leak has occurred involving 279 million Indonesian citizens' data.
🏥 The data is suspected to be from the Indonesian social security health organization, BPJS Kesehatan.
🌐 The leaked data includes sensitive personal information such as ID numbers, phone numbers, emails, full names, addresses, and salaries.
🔗 The data was reportedly sold on a foreign website, Richforum.com, and has gone viral on social media.
👤 Cybersecurity expert Ardi Sutedja suggests the leak has likely been happening for a while due to human resource mismanagement in data security systems.
🏢 Ardi believes it's unlikely that government or private institutions would intentionally leak customer data, but it could harm the institution itself.
💡 The expert points out that there are likely vulnerabilities in the systems, such as computers or servers, that have been exploited.
🔎 There is an emphasis on the need to investigate the weaknesses within the data security ecosystem.
🔍 BPJS Kesehatan has released a statement saying they are investigating the origin of the leaked data.
👮‍♂️ BPJS Kesehatan has deployed a special team to track down and identify the source of the data leak as quickly as possible.
📢 In response to the data leak, a spokesperson from the Indonesian Ministry of Communication and Information Technology stated that the investigation is ongoing and could not provide further comments at this time.

Q & A

What is the reported data breach incident?
-A data breach incident involving 279 million Indonesian citizens' data, including personal details such as ID numbers, phone numbers, emails, full names, addresses, and salaries, is suspected to have been leaked and sold on foreign websites.
Which organization is suspected of having leaked the data?
-The data breach is suspected to involve the Indonesian social security health organization, known as BPJS Kesehatan.
Where was the leaked data reportedly sold?
-The leaked data was reportedly sold on a forum website named Rich forum.com.
What kind of data was included in the breach?
-The breached data included sensitive personal information such as KTP (Indonesian ID card) numbers, phone numbers, emails, full names, addresses, and salaries.
What is the opinion of cyber security expert Ardi Sutedja regarding the breach?
-Ardi Sutedja suggests that the breach may have started a long time ago due to negligence in managing customer data security systems within an institution, rather than a deliberate leak by government or private organizations.
What are the potential risks to the institution from such a data breach?
-Ardi Sutedja indicates that such a breach could harm the institution itself by revealing vulnerabilities in their computer systems and potentially leading to further exploitation.
What actions has BPJS Kesehatan taken in response to the data breach?
-BPJS Kesehatan has deployed a special team to track down and identify the source of the leaked data as quickly as possible.
How many participants does BPJS Kesehatan have?
-BPJS Kesehatan has approximately 222.2 million participants.
What is the response from the Indonesian Ministry of Communication and Information Technology regarding the breach?
-The Ministry, represented by Dedi Permadi, has acknowledged the incident and stated that it is still under investigation, with no further comments available at the moment.
What is the significance of the data breach for Indonesian citizens?
-The breach is significant as it involves a large portion of the Indonesian population, potentially exposing them to identity theft and other forms of cybercrime.
What measures should institutions take to prevent such data breaches?
-Institutions should invest in robust cybersecurity measures, regularly update their systems, and train their staff to handle sensitive data securely to prevent future breaches.

Outlines

00:00

🔒 Data Breach of 279 Million Indonesians

A data breach has reportedly occurred involving the personal information of 279 million Indonesian citizens, including sensitive details such as ID numbers, phone numbers, email addresses, full names, and even salaries. The data is suspected to have been leaked and sold on foreign websites. An individual on a forum, specifically Rich forum.com, has been selling this information, which has now gone viral on social media. Cybersecurity expert Ardi Sutedja suggests that such breaches have likely been happening for a while due to negligence in managing customer data security systems. He emphasizes that it is unlikely for government or private institutions to intentionally leak private customer data, but rather, it is the exploitation of existing security flaws by hackers. The weaknesses in computer systems, especially in smaller institutions that may not have invested sufficiently in technology, are targeted. The BPJS Health, an Indonesian social security administration, has released a statement saying they are investigating the matter and have deployed a special team to trace and identify the source of the leak. BPJS Health has also stated that they have 204 million participants, and they are taking the issue very seriously.

Mindmap

Keywords

💡Data Breach

A data breach refers to the unauthorized access and disclosure of sensitive personal information. In the video, it is revealed that data from 279 million Indonesian citizens, including sensitive details like their national identification numbers (KTP), phone numbers, and email addresses, was leaked and sold online. This incident underscores the vulnerability of large databases and the potential consequences of weak cybersecurity.

💡BPJS Kesehatan

BPJS Kesehatan is Indonesia's Health Care and Social Security Agency, responsible for providing healthcare coverage to citizens. In the video, it is suggested that a major data leak may have originated from BPJS Kesehatan, exposing personal information of millions of its members. This agency's involvement is critical to understanding the scope and severity of the data breach.

💡Cybersecurity

Cybersecurity refers to the measures and technologies used to protect systems, networks, and data from digital attacks. The video highlights how the BPJS Kesehatan data breach is a result of failures in cybersecurity, particularly due to human resource issues and potential weak spots in the security systems of organizations, both public and private.

💡Personal Data

Personal data encompasses information that can identify individuals, such as names, addresses, phone numbers, and salaries. The video discusses how the leaked data contains such sensitive information, which can lead to identity theft and other forms of cybercrime when exploited by malicious actors.

💡Rich Forum

Rich Forum is the platform where the stolen data was allegedly sold. It is a foreign website, and the sale of such vast amounts of personal information on it shows how compromised data can be monetized on international black markets. This forum became central to the investigation of the breach.

💡Human Error

Human error in the context of cybersecurity refers to mistakes made by people that lead to security vulnerabilities. In the video, cybersecurity expert Ardi Sutedja suggests that human error may have played a significant role in this data breach, as it’s unlikely that a large institution like BPJS Kesehatan would intentionally leak personal data.

💡Data Security System

A data security system involves all tools, policies, and procedures put in place to protect data from unauthorized access or alterations. The video refers to weaknesses in the data security systems of both governmental and private organizations, which allowed for the data breach. Investigating these vulnerabilities is critical to preventing future incidents.

💡KTP (National Identification Number)

The KTP, or National Identification Number, is a unique number assigned to each Indonesian citizen. In the data breach, this number was among the personal details compromised. The KTP is critical for identity verification in various services, and its leakage poses significant risks to individual privacy and security.

💡Investigation

An investigation refers to the systematic process of uncovering the truth behind an incident. In the video, both BPJS Kesehatan and government authorities are conducting investigations to determine whether the leaked data indeed originated from BPJS and to identify how the breach occurred.

💡Cybercrime

Cybercrime refers to criminal activities that involve computers or networks. The sale of sensitive personal data on platforms like Rich Forum, as highlighted in the video, constitutes cybercrime. The video suggests that such breaches lead to wider cybercriminal activity, including fraud and identity theft.

Highlights

Data breach involving 279 million Indonesian citizens' data suspected.

Indonesia's health social security body, BPJS Health, potentially affected.

Data includes sensitive personal information such as ID numbers, phone numbers, and salaries.

Data was reportedly sold on a foreign website, Rich forum.com.

The sale of the data has gone viral on social media.

Cybersecurity expert Ardi Sutedja suggests the breach has been ongoing for some time.

Ardi Sutedja points out human resource negligence in managing customer data security systems.

It is unlikely for government or private institutions to intentionally leak customer data, according to Ardi.

The breach could harm the institution itself by exposing its security flaws.

Ardi highlights the need to look into the institution's computer systems for vulnerabilities.

The weakness in data security ecosystems must be investigated.

BPJS Health releases a statement saying they are investigating the origin of the leaked data.

BPJS Health has deployed a special team to track down the source of the leak.

The number of BPJS Health participants is stated to be 222 million.

BPJS Health's spokesperson, Iqbal Anas, confirms the investigation is ongoing.

Dedi Permadi, a special staff member at the Ministry of Communication and Informatics, responds to the data breach.

The investigation into the data breach is still in its early stages, with no further comments available yet.