KPAI And Bank Jatim Data Indicated For Sale On RaidForums

ILLUSTRATION/UNSPLASH

JAKARTA - The leak of personal data appears again this time allegedly a database belonging to the Indonesian Child Protection Commission (KPAI). Allegedly this data is sold on RaidForums.

Chairman of the CISSReC Cyber Security Research Institute, Pratama Persadha explained that an account called C77 uploaded data belonging to KPAI which was sold on RaidForums.

"The data is suspected to contain a database of public reporting from all over Indonesia from 2016 until now," said Pratama in a written statement, Thursday, October 21.

According to him, the database has complete details about the identity of the complainant such as name, identity number, nationality, telephone, cellphone, religion, occupation, education, address, email.

Including data on place of birth, date of birth, gender, province, city, age, and reporting date.

“Two databases were provided, namely 13MB in size with the file name kpai_pengaduan_csv and 25MB with the name pai_pengaduan2_csv. To download it, RaidForums users must issue 8 credits per data or around Rp. 35 thousand," said Pratama.

In addition, there are also columns of monthly income data, case summaries, mediation results. It is even suspected that there is a list of identity data for underage victims.

“The existing data is very sensitive data to be misused on the internet. Like online fraud, as has often happened recently," he explained.

As for Bank Jatim, data is sold by an account with the username bl4ckt0r at a price of 250,000 dollars. The perpetrator stated that 378GB of data contained 259 databases, along with sensitive data such as customer data, employee data, including personal financial data.

"Of course this is a serious concern for the government. Digital forensics needs to be done to find out which security holes are used to break through, whether from the SQL (Structured Query Language) side so that SQL Injection is exposed or there are other security holes," said Pratama.

According to him, strengthening the system and human resources must be improved. The adoption of the main technology for data security also needs to be done. Indonesia itself is still considered vulnerable to hacking because cybersecurity awareness is still low.

“There have been many incidents like this, the government and the DPR should have agreed to pass the PDP Law. Without a strong PDP Law, private data managers, both state and private institutions, will not be able to be further held accountable and will not be able to force them to improve technology, human resources and information system security," said Pratama.