Cominfo Investigation Case 279 Million Data Leaked, 100 Thousand Data Identical To BPJS Health
JAKARTA - The Ministry of Communication and Information (Kominfo) conducted an investigation related to the alleged leak of 279 million personal data of Indonesian residents suspected of being registrants of BPJS Kesehatan.
From the development of personal data samples since May 20, it was found that an account named Kotz sold personal data in Raid Forums.
"Kotz's own account is a buyer and seller of personal data or resellers," Said Ministry of Information Spokesman Dedy Permadi in a statement, Friday, May 21.
From the findings, Dedy revealed, the sample data does not amount to 1 million as the seller claims. But that amounts to 100,002 records.
The sample data is strongly suspected to be identical to bpjs health data seen data structure consisting of card number, office code, family data / dependent data, and payment status.
"Identical to bpjs health data," he said.
Dedy said, Kominfo has taken various anticipatory measures to prevent the spread of data more widely by proposing termination of access to links to download personal data.
"There are 3 links that are identified, namely bayfiles.com, mega.nz and anonfiles.com. Until now links in bayfiles.com and mega.nz have been taken down, while anonfiles.com are still being sought for immediate termination of access," dedy said.
Dedy said, Kominfo has also called the Board of Directors of BPJS Kesehatan as the manager of personal data that was allegedly leaked today.
"This call is for the purposes of the investigation process in more depth in accordance with the mandate of Government Regulation No. 71 of 2019," he explained.
In accordance with Government Regulation No. 71 of 2019 concerning The Implementation of Electronic Systems and Transactions (PP PSTE) and Regulation of the Minister of Information No. 20 of 2016 concerning the Protection of Personal Data in Electronic Systems, PSE (Electronic System Operators) whose electronic systems are seriously impaired due to the failure of personal data protection are obliged to report in the first opportunity to the Ministry of Communication and other authorities.
In addition, he said, PSE is also obliged to provide notice in writing to the owner of personal data.
"In the event that it is known that there is a failure of personal data protection," said Dedy