Data Center

Jakarta, Indonesia — In a significant cybersecurity incident, the personal data of 34 million Indonesian passport holders has been exposed in a massive breach, prompting urgent responses from the government and raising concerns about the nation’s data protection measures. The breach was revealed when a hacker, known as “Bjorka,” allegedly obtained and leaked detailed personal information, including full names, passport numbers, expiration dates, dates of birth, and gender, offering the data for sale on the dark web​.

The Breach Details

The leaked data reportedly encompasses records from 2009 to 2020, stored in a 4-gigabyte file. Cybersecurity expert Teguh Aprianto, who disclosed the breach on social media, confirmed the validity of the sample data provided by the hacker. This breach adds to Indonesia’s history of data security incidents, which have frequently targeted both government and private sector databases​​.

Government Response

In response to the breach, the Indonesian Ministry of Communications and Informatics (Kominfo) and the National Cyber and Encryption Agency (BSSN) have initiated an investigation to verify the extent and impact of the data leak. Initial findings indicated discrepancies between the data structure in the national data center and the leaked information, leading officials to continue their verification efforts​​.

Silmy Karim, Director-General of Immigration, confirmed that the immigration data center is collaborating closely with Kominfo and BSSN to investigate the breach and to ensure enhanced security measures are implemented to prevent future incidents​.

Broader Implications

This breach is part of a troubling trend in Indonesia, which has seen a spike in cyberattacks over recent years. The country has recorded 94 data breaches between 2019 and 2023, with a notable increase of 75% in 2023 alone. Previous significant breaches included attacks on state-owned Bank Syariah Indonesia and leaks involving sensitive government information, including data on Indonesian President Joko Widodo​​.

Cybersecurity Landscape in Indonesia

Indonesia’s cybersecurity infrastructure has been under scrutiny due to its relatively low ranking on the National Cyber Security Index, where it currently stands 84th globally. Experts and officials have emphasized the urgent need to strengthen cybersecurity measures and regulatory frameworks to protect against such breaches​​.

The government has taken steps to address these vulnerabilities, including the passage of the Personal Data Protection Law in September 2022, which mandates stricter data protection protocols and grants citizens greater control over their personal information. However, the recent breach highlights ongoing challenges in enforcement and the need for robust cybersecurity defenses​​.

Public Reaction and Expert Opinions

Cybersecurity experts have expressed concerns about the potential misuse of the leaked data. Although the exposed data may initially appear less appealing to criminals compared to previous breaches, it still poses significant risks for identity theft and fraud. Experts underscore the importance of improving data security practices and increasing public awareness about data protection​ .

The hacker’s motive, according to investigations, appears to be a warning to the Indonesian authorities about their cybersecurity vulnerabilities rather than a malicious intent to cause harm. Nevertheless, this incident serves as a critical reminder for both the government and the public to prioritize data security​ 

Moving Forward

In response to the breach, the Indonesian government has announced plans to establish a dedicated data protection task force aimed at enhancing the security of state and public data. This initiative is part of a broader strategy to fortify the country’s cybersecurity infrastructure and prevent future breaches. Additionally, Kominfo is drafting new regulations to bolster data protection measures and expand the National Data Center to multiple locations across Indonesia.​ 

The recent breach underscores the critical need for continuous improvements in cybersecurity practices and infrastructure. As Indonesia navigates these challenges, the government’s response and future actions will be crucial in restoring public trust and ensuring the security of personal data.

For further updates and detailed coverage, follow ongoing reports from reliable sources such as Asia News Network and Indonesia Business Post​.