Leaks Of 91 Million Data From Tokopedia To Denny Siregar, Evidence Of Weak Cybersecurity In Indonesia
JAKARTA - Leaks of 91 million Tokopedia user data were distributed for free on hacker forums. At the same time, social media activist Denny Siregar, threatened Telkomsel to go to court because his personal data had been hacked.
This incident reminds us of the vulnerability of data security in Indonesia, which is still weak. Moreover, the regulations that should protect every data and information of the community in cyberspace are still incomplete.
"The point is that in Indonesia, cybersecurity awareness is still lacking, it is getting worse with the lack of regulation. The ITE Law alone will not be able to create a safe and productive cyber ecosystem," said Head of the CISSReC Cyber Research Institute, Pratama Persadha to VOI, Monday, July 6. .
Apart from the ITE Law, Pratama said, the government must immediately complete the Personal Data Protection Bill (PDP) and the Cyber Security Resilience Law (KKS) to become a legal umbrella covering cyber areas in Indonesia. Without strict rules, it makes electronic system administrators both state and private cannot guarantee a good system and maintenance to safeguard important data and information.
"In principle, no information system or technology is without weakness or is immune from hacking,"
Pratama Persadha cybersecurity expert
Pratama explained how personal data will be very connected to one another in cyberspace. So that one case of data leakage can be used by certain individuals to carry out profiling, scaming or phishing by digging more information from someone.
In this case, the leakage of personal data belonging to social media activist Denny Siregar sued Telkomsel and the Ministry of Communication and Informatics (Kominfo) that the information was leaked. In his upload on Twitter, Denny shows how the account @ opposite6891 displays data consisting of name, address, NIK, KK, IMEI, OS, and device type.
"Telkomsel is obliged to make an internal investigation of how the number information even to the details of the IMEI and other important information that could fall into the hands of parties that are not supposed to. Including in the case of Tokopedia which leaked 91 million data, meaning we want to find anyone's number in the country, there is a possibility of getting it. through the leaked data, "said Pratama.
Regarding this case, Pratama said, reminding the government of the importance of protecting personal data. He also hopes that there will be coordination between related institutions and operators to be responsible for protecting the community.
"Not only throwing the ball at BSSN because it is related to hacking problems. Kominfo and BSSN must be leading in the formulation of the PDP Bill and the KKS Bill. Therefore, the role as a regulator must be implemented with the realization of laws that are pro-people," he continued.
Given that Indonesia does not yet have a special law regarding personal data protection. Pratama said that the General Data Protection Regulation (GDPR) applied by Europe can be an example for Indonesia.
"In case of hacking, let alone data theft, it will be checked whether all lists have been implemented or not. That is where the state protects the data of its citizens. Here, the organizers are still seen as victims, the spirit is different, protecting corporations is not protecting citizen data. countries, such as in Europe, "concluded Pratama.
Kominfo InvestigationFriends, from this case, it turns out that we just found out that our personal data is very vulnerable to being tapped. For example, from @ opposite6891, it was very easy for him to get data about me. I demand answers from @Telkomsel & @kemkominfo. This is terrible. It could happen to you and your family. pic.twitter.com/ZXsIbIc4r4
- Denny siregar (@ Dennysiregar7) July 5, 2020
Meanwhile, the Minister of Communication and Information, Johnny G Plate, responded to the indication of the hacking of personal data that had occurred to Denny. He revealed that his party had asked the operator to carry out an in-depth investigation.
"The Ministry of Communication and Information has also asked the relevant cellular mobile network operators (Tekomsel) to carry out an internal investigation and trace whether there has been theft or leakage of customer data," said Johnny.
Johnny hopes that the results of this investigation can be delivered soon. In addition, the man who is familiarly called Johnny Bang also explained that the implementation of cellular operator registration is already under the law and must of course be obeyed.
"The registration has been regulated in the Minister of Communication and Information Regulation No. 12/2016 on the registration of telecommunication service subscribers. As a business entity (operator) is obliged to comply with the laws and regulations," explained Johnny.
In accordance with Article 17 Paragraph 3 and Paragraph 5 of the MoCI regulation, the operation of a cellular mobile network is required to keep the data and / or identity of the subscriber confidential. Coupled with the lowest ISO27001 certification. For information security in managing customer data.
"From the results of the evaluation conducted by the Ministry of Communication and Information, currently all operators already have the ISO27001 certificate," said Johnny.