Data Leaks Happen Again, House Of Representatives Commission I: This Is A Hard Alarm For The Government

Alleged data leaks of 6 million NPWP data (photo: Teguh Aprianto)

JAKARTA - Data leaks are happening again in Indonesia, this time the NPWP data hack was targeted. Commission I of the DPR urges the Government to seriously handle hacking cases by increasing cyber security and security of public personal data as soon as possible.

"This has happened for the umpteenth time, and it must be a strong alarm for the Government to immediately increase cyber security so that data on every citizen is protected," said Member of Commission I DPR RI Sukamta, Thursday, September 19.

This alleged data leak was conveyed by the founder of the Indonesian Ethical Hacker Teguh Aprianto in his upload on social media on Wednesday, September 18. At least 6 million data on the Taxpayer Identification Number (NPWP) were leaked and sold by Bjorka at the Bjorka Forums.

Some of the leaked data including even belonging to President Joko Widodo, Vice President-elect Gibran Rakabuming Raka, PSSI General Chair Kaesang Pangarep, to Finance Minister Sri Mulyani and several data allegedly belonging to a number of other ministers.

Sukamta assessed that the problem of data leakage should not stop only until further investigation and investigation as before. The government, he said, must immediately take concrete steps in strengthening cybersecurity in all sectors, including in the government and private sectors.

Moreover, continued Sukamta, the leakage of NPWP data includes sensitive information such as Population Identification Number (NIK), address, telephone number, and email.

"Data protection must be a top priority, not only as a reaction to incidents, but as a systematic long-term policy," said Sukamta again.

According to Sukamta, this leak is a serious threat considering that it has targeted the President's data as the number one person in Indonesia to ministerial level officials.

"This is a serious threat, not only for individual privacy but also for national security. This case is clear evidence that cybersecurity in Indonesia is still very vulnerable," said the legislator from the Yogyakarta Special Region (DIY) electoral district.

In addition to evaluation, the Government, in this case the Minister of Finance and the Director General of Taxes, must also carry out internal investigations to find out the weaknesses of the data system they have so that there is an NPWP leak.

Commission I of the DPR in charge of communication and informatics affairs also asked the Government to provide a detailed explanation to the public regarding this data leak. Sukamta said this was intended to make the public feel safer regarding leaked data information.

"People must be able to feel safe that their personal data is well maintained by the government and related institutions. So there needs to be a detailed explanation from the Government. If the leak continues and there is no explanation, then public trust will be difficult to recover," he explained.

It is known, data from the Ministry of Communication and Information shows that throughout 2019 to May 14, 2024, 111 cases of data leakage have been handled. This made Indonesia enter 10 countries with the largest data leakage in the period from January 2020-January 2024 according to Surfshark, a virtual private network (VPN) company from the Netherlands.

Indonesia is also the country with the 8th most data leak in the world with an estimated 94.22 million accounts leaked.

Seeing this data, Sukamta assessed that cybersecurity is not a problem that can be underestimated in this digital era. He reiterated the importance of the state to immediately form an institution of the Personal Data Protection Authority (OPDP) as mandated by Law No. 27 of 2022 concerning Personal Data Protection (PDP).

"I have repeatedly conveyed to immediately issue regulations for the formation of PDP institutions. The number of data leaks whose even law enforcement is rarely clear shows that Indonesia really needs data protection agencies," said Sukamta.

Sukamta also reminded the importance of competent IT personnel to help the State. The PKS politician urged the Government to show its commitment in handling data leak cases seriously.

"Technology continues to develop, and we must be able to keep up with these developments so that our system is not easily hacked. One of them is by recruiting competent IT personnel. Don't just go home as a formality," he said.

Investigations, added Sukamta, must also be carried out thoroughly with the party responsible in accordance with the applicable law. He considered that close cooperation with experts was needed in order to create a stronger and more resilient cyber system.

"This collaboration can help the Government in identifying and improving existing weaknesses. Because this is also related to intelligence and national defense issues," he added.

Previously, throughout 2024 there had been several cases of data leakage experienced by the Government, including data leakage from the Ministry of Communication and Information (Kominfo), namely the Temporary National Data Center (PDNS) 2. Cybercrime also affects the National Police Inafis to the TNI Strategic Intelligence Agency (BAIS) who became victims of hackers named MoonzHaxor on the BreachForums website.

Not only that, ASN data was also hacked and offered by hackers at BreachForums, a hacking sale and purchase forum, for US$10 thousand or around Rp 160 million. Hackers claim to have obtained data from BKN in the amount of 4,759,218 rows.

"The problem of personal data leakage is no longer playing games. We hope that the commitment of the Government and related institutions to want to improve themselves for the safety of Indonesian public data," concluded Sukamta.