Conceded BPJS And How Our Personal Data Is Cashed

JAKARTA - The results of an investigation by the Ministry of Communication and Informatics (Kominfo) ensure that the personal data of Indonesians leaked in hacker forums comes from the Health Social Security Organizing Agency (BPJS). This raises the issue of personal data that is far from the mastery of authority.

The certainty of the source of the data leak is based on the codes contained in the BPJS Kesehatan data collection system, including card number (noka), office code, family data / dependent data, and payment status. Everything is identical to BPJS Kesehatan data.

The leaked personal data appears in Excel table format and is sold in an online forum, Raid Forums. The data seller is an account called Kotz. Kotz is a reseller of that personal data.

Photo illustration (Aditya Fajar/VOI)

That is, it sold personal data after previously buying to certain parties. Kotz claims to have copies of data on up to 279 million Indonesian identities. However the data shown only ranges in the number of one hundred thousand.

Kominfo Spokesman Dedy Permadi said it has now applied for termination of access to download links on mega.nz, anonfiles.com and bayfiles.com pages. Previously, another government agency, the Electoral Commission (KPU) had also conceded.

At the time, voter data in 2014 was leaked and traded. In addition to state agencies, data leak cases also occur in tokopedia and Bukalapak users, the two largest marketplaces in Indonesia.

What are the risks of personal data leakage?

CISReC Chairman Pratama Persada said the data leak could be interpreted as an act of theft. It could even be even more dangerous, given that the data could be misused for other crimes.

"The principle is that this personal data is targeted by many people. It is very dangerous if this data is leaked," Pratama told VOI, Friday, May 21.

Pratama said it had examined directly some of the 279 million population data that Raid Forums sold. According to Pratama the data is valid and at risk of being used as the raw material for digital crime, especially banking.

"From this data can be used by criminals to create fake ID cards and then break into the victim's account," he said.

What is personal data? Can it be cashed?
Photo illustration (Source: Unsplash)

A great disadvantage when our personal data is monetised or cashed out by certain parties. Yes, what happens in data theft is the illegal monetization of our personal data. Before delving into personal data monetization schemes, we need to first look at ourselves as data. Who are we if we are data.

Quoted from voi's typical series entitled Kita is Personal Data Traded, at least, there are three classifications that can describe ourselves as data. First, we are "basic data". There are a number of things included in the basic data, namely The Residence Number (NIK), Family Card information (KK).

Second, we as "credential data" which includes digital email accounts, social media, to access to digital applications and services that we use everyday. In the context of digital activity, credential data is the main commodity.

The third perspective is that we are the same as "financial data", which includes account data, pin authentication, and other personal information related to our financial access, both online and offline. Each of these classifications of personal data has a specific monetization scheme, can run independently or interconnected with each other.

"So now the most valuable it is in the world of e-commerce it's yes credential. Second, financial data. Money, accounts, pin authentication, and the like... There are economic factors. The economic motivation behind it is behind why data like this is targeted," Alfons.

[SERIES WRITING: Who Owns Personal Data and Why It Matters to Master It]

Yesterday's personal data leak case has not been so clear. However, the precedent for monetization of basic data is unprecedented in the case of the Directorate General of Population and Civil Records of the Ministry of Home Affairs (Dukcapil). In that case the police arrested a suspect.

Quoted Tempo.co, the perpetrator admitted to selling the personal data on temanmarketing.com site. The personal data is sold at various prices, including in packages tailored to the needs of the buyer. From the arrest it is known that the perpetrator has 50,854 households, 1,162,864 NIK, 761,435 mobile phone numbers, as well as 129,421 credit card numbers and 64,164 account numbers.

"It can be various (purposes of buying and selling). If you look at the most it's now a mobile number. The scam is via WhatsApp. The goal, the majority of it (financial gain). It's all kinds of stuff. It's usually hijacked (WA) and asks for money to his friends, for example," Alfons said.

Another case involves fintech company KreditPlus. Monday, August 3, the case was widely discussed after cybersecurity activist Teguh Aprianto shared his findings on Twitter. In Teguh's upload, it is known that 896 personal data of KreditPlus users were traded on hacker forums.

The leaked personal data includes name, ID card, email, password, address, mobile number, work data, to the guarantor's family data. KreditPlus itself is a multipurpose motorcycle, car, and heavy equipment financing service owned by PT Keuangan Multi Finance. This financial company established since 1994 has also been registered and supervised directly by the Financial Services Authority (OJK).

*Read more information about ISRAEL-PALESTINE or read other interesting writings from Aditya Fajar and Yudhistira Mahabharata.

Other BERNAS

Tag: bpjs kementerian komunikasi dan informatika perlindungan data pribadi