Serious Threat From Leaking 279 Million BPJS Kesehatan Data

JAKARTA - A total of 270 million Indonesian population data stored in BPJS Kesehatan was reportedly leaked to hacker forums. Data leakage is clearly dangerous and troubling, especially information in the form of NIK (identity number) that is traded in cyberspace.

Chairman of CISSReC (Communication and Information System Security Research Center), Pratama Persada, said the data leak could be interpreted as an act of theft. It could even be even more dangerous, given that the data could be misused for other crimes.

"The principle is that this personal data is targeted by many people. It is very dangerous if this data is leaked," Pratama told VOI, Friday, May 21.

Pratama said it had examined directly some of the data from the 279 million population data traded on the Raid Forums hacker forum. Based on the data uploaded by an account named Kotz is quite complete, including name, place of birth date, address, number of dependents. There is even a mobile number, NIK KTP (Identity Card Number), and NPWP (Taxpayer Identification Number).

"Because the data is valid and can be used as raw material for digital crime, especially banking crimes. From this data can be used by criminals to create fake ID cards and then break into the victim's account," he explained.

However, Pratama does not rule out the possibility that the data is invalid. Because the owner of the data claims the data is sourced from BPJS.

"Let's just wait to see if this is true data leaked from BPJS or other institutions. Because the amount of user data BPJS is not that much. It means that the perpetrator can claim excessive or lying if the BPJS data is true", explained Pratama.

Investigation of the Ministry of Communication and Informatics of the Republic of Indonesia

The Ministry of Communication and Informatics (Kominfo) has investigated to ascertain the leak of data suspected to be from the Social Security Organizing Agency (BPJS) health in the hacker forum Raid Forum.

"The Ministry of Information continues to conduct in-depth searches and investigations. It will also coordinate with the relevant parties", said spokesman Dedy Permadi.

As a measure of anticipation, Kominfo said Dedy has applied for termination of access to three links containing sample data in byflies.com, mega.nz, and anonfiles.com. "For now all three links have been taken down".

To avoid negative impacts, Kominfo asked all-digital platform providers and personal data managers, to further improve efforts to maintain the security of managed personal data. This includes complying with applicable personal data protection provisions and ensuring the security of electronic systems operated.