ASN Personal Data Leaks Again, DPR: Cyberspace Needs Competent People!

JAKARTA - Personal data from the State Civil Apparatus (ASN) allegedly leaked due to hacking carried out by anonymous hackers "TopiAX". The DPR urges the Government to conduct investigations and evaluate human resources (HR) in state cyber institutions.

"The cyber world requires competent people! PDP institutions (personal data protection), and also in this case BSSN (State Cyber and Crypto Agency) must be filled by qualified people who are also reliable in protecting personal data and cyber security," said Member of Commission I Sukamta, Tuesday, August 12.

Sukamta assessed that the government, such as neglecting or not, has seen its seriousness in handling cyber crime cases.

"Data leaks have occurred frequently, but we have not been able to enforce the law regarding data protection, because the institution does not yet exist," he said.

Therefore, Sukamta urges the Government to immediately form an institution or Personal Data Protection Authority (OPDP) as mandated by Law no. 27 of 2022 concerning Personal Data Protection (PDP). This regulation is very important to see that in the near future Indonesia continues to experience data leakage.

"This rule is important because there are more cases of data leakage, and also because of the deadline for transitional provisions given by the PDP Law for 2 years since the law was passed on October 17, 2022. This means that there are only 2 months left to form the institution," explained Sukamta.

The legislator for the electoral district of the Special Region of Yogyakarta reminded that the world of technology is currently growing rapidly. Sukamta assessed that Indonesia should have policies or regulations governing cyber security and resilience (KKS) so that there are sanctions and deterrent effects for cybercriminals.

"Because technology continues to develop in seconds. Cybercriminals continue to update their crime technology. From the past until now we have continued to encourage the establishment of regulations on cyber security and resilience (KKS)," explained the Deputy Chairman of the Inter-Parliamentary Cooperation Agency (BKSAP) of the DPR RI.

"I think we really need the KKS Bill. We already have the PDP Law, it's just the KKS Bill that we need to discuss," continued Sukamta.

Hacked ASN data are known to be offered by hackers at BreachForums, a buying and selling forum from hacking, for US$10 thousand or around Rp 160 million. Hackers claim to have obtained data from BKN in the amount of 4,759,218 rows.

The data contains, among others, places and date of birth, titles, date of Candidates for Civil Servants (SK CPNS), date of civil servants, Civil Servant Identification Number (NIP), Decree Number, Civil Servant Letter Number, class, position, agency, address, identity number, telephone number, email, education, majoring, year of graduation.

Commission I of the DPR in charge of defense, intelligence, and information communication affairs also asked the Government to immediately follow up on the leakage of ASN data. Sukamta said that the number of cases of leakage of state data should be a warning for the Government to conduct a massive evaluation of Indonesia's cyber security system.

"This ASN data leak needs to be followed up immediately with a digital forensic audit to find out where the source of this leak came from, how it affected and who should be responsible," he said.

Sukamta also asked BSSN to work seriously to ensure that all security holes have been found and repaired. Especially because this problem did not last long after the leak of the Temporary National Data Center (PDNS) 2 belonging to the Ministry of Communication and Information (Kemenkominfo).

Not to mention the data leaks experienced by other ministries or institutions. Among others, the National Police Inafis to the TNI Strategic Intelligence Agency (BAIS) who became victims of hackers named MoonzHaxor on the BreachForums website.

"Obviously our cybersecurity system is still far from expectations. It takes very strong intervention and a serious commitment from the Government to ensure that there is no more data leakage in the future," concluded Sukamta.