Data 279 Juta Peserta BPJS Diduga Bocor, Pengamat: Ada Kelalaian Pengelolaan Sistem Keamanan

KOMPASTV

20 May 202103:01

Summary

TLDRA significant data breach has been reported, compromising the personal information of 279 million Indonesian citizens. The data, which includes sensitive details such as ID numbers, phone numbers, and salaries, is suspected to have been leaked by the Indonesian health social security body, BPJS Kesehatan, and sold on foreign websites. Cybersecurity expert Ardi Sutedja suggests that the leak may have occurred due to human error in managing the institution's data security system. BPJS Kesehatan has launched an investigation to trace the source of the leak, while the government's communication staff, Dedi Permadi, is currently unable to provide further comments on the matter.

Takeaways

🚨 A massive data leak has occurred involving 279 million Indonesian citizens' data.
🏥 The data is suspected to be from the Indonesian social security health organization, BPJS Kesehatan.
🌐 The leaked data includes sensitive personal information such as ID numbers, phone numbers, emails, full names, addresses, and salaries.
🔗 The data was reportedly sold on a foreign website, Richforum.com, and has gone viral on social media.
👤 Cybersecurity expert Ardi Sutedja suggests the leak has likely been happening for a while due to human resource mismanagement in data security systems.
🏢 Ardi believes it's unlikely that government or private institutions would intentionally leak customer data, but it could harm the institution itself.
💡 The expert points out that there are likely vulnerabilities in the systems, such as computers or servers, that have been exploited.
🔎 There is an emphasis on the need to investigate the weaknesses within the data security ecosystem.
🔍 BPJS Kesehatan has released a statement saying they are investigating the origin of the leaked data.
👮‍♂️ BPJS Kesehatan has deployed a special team to track down and identify the source of the data leak as quickly as possible.
📢 In response to the data leak, a spokesperson from the Indonesian Ministry of Communication and Information Technology stated that the investigation is ongoing and could not provide further comments at this time.

Q & A

What is the reported data breach incident?
-A data breach incident involving 279 million Indonesian citizens' data, including personal details such as ID numbers, phone numbers, emails, full names, addresses, and salaries, is suspected to have been leaked and sold on foreign websites.
Which organization is suspected of having leaked the data?
-The data breach is suspected to involve the Indonesian social security health organization, known as BPJS Kesehatan.
Where was the leaked data reportedly sold?
-The leaked data was reportedly sold on a forum website named Rich forum.com.
What kind of data was included in the breach?
-The breached data included sensitive personal information such as KTP (Indonesian ID card) numbers, phone numbers, emails, full names, addresses, and salaries.
What is the opinion of cyber security expert Ardi Sutedja regarding the breach?
-Ardi Sutedja suggests that the breach may have started a long time ago due to negligence in managing customer data security systems within an institution, rather than a deliberate leak by government or private organizations.
What are the potential risks to the institution from such a data breach?
-Ardi Sutedja indicates that such a breach could harm the institution itself by revealing vulnerabilities in their computer systems and potentially leading to further exploitation.
What actions has BPJS Kesehatan taken in response to the data breach?
-BPJS Kesehatan has deployed a special team to track down and identify the source of the leaked data as quickly as possible.
How many participants does BPJS Kesehatan have?
-BPJS Kesehatan has approximately 222.2 million participants.
What is the response from the Indonesian Ministry of Communication and Information Technology regarding the breach?
-The Ministry, represented by Dedi Permadi, has acknowledged the incident and stated that it is still under investigation, with no further comments available at the moment.
What is the significance of the data breach for Indonesian citizens?
-The breach is significant as it involves a large portion of the Indonesian population, potentially exposing them to identity theft and other forms of cybercrime.
What measures should institutions take to prevent such data breaches?
-Institutions should invest in robust cybersecurity measures, regularly update their systems, and train their staff to handle sensitive data securely to prevent future breaches.