EHAC Data Allegedly Leaked, Community Asked To Update Care To Protect Applications

PeduliLindung data is feared to be leaked. (photo: caringlidungi.com)

JAKARTA - The electronic Health Alert Card (eHAC) system which is part of the PeduliLindung application which is being promoted by the government for various testing and tracing purposes, including entering malls, restaurants and hotels must be updated.

This was stated by Anas Ma'ruf, Head of the Data and Information Center of the Ministry of Health (Kemenkes), after the alleged data leak from the eHAC system emerged. Anas also stated that the government was looking for potential violations of the system. He said the potential flaw was in the previous version of the app, which had not been used since July 2.

Anas asked the public to delete the old application and said the violation may have come from a partner of the Ministry of Health. He said the eHAC system is currently managed by the government and its security is "guaranteed".

Meanwhile, VPN Mentor researcher said the flaw could expose people to phishing or hacking, as well as discourage people from using COVID-19 tracking apps.

Such data breaches indicate Indonesia's weak cybersecurity. In May, the government also launched an investigation into alleged breaches of social security data from the country's insurance company.

"EHAC from the old version is different from the eHAC system which is part of the new application," he said. "Currently, we are investigating this alleged violation."

Meanwhile, the Minister of Communication and Information (Menkominfo) Johnny G. Plate, stated that eHAC user data which is currently integrated in the PeduliLindung application is still safe. "The eHAC in PeduliLindung is currently still safe," he said, Tuesday (31/8/2021).

Plate admitted that he already knew about the information related to the leak of 1.3 million users of the eHAC application belonging to the Ministry of Health (Kemenkes).

"Based on the information we received, the leaked eHAC was an initial application in collaboration with a third party, before being transferred to PeduliLindungi," he claimed. "Currently the data leak information is being handled by the BSSN (National Cyber and Crypto Agency)."

The data that was reportedly leaked and exposed were the full name, date of birth, occupation, personal photo, population identification number, passport number, Covid-19 test results, hospital identity, address, telephone number and several other data.

Anas Ma'ruf also said that the alleged data leak occurred in the old eHAC application. He explained that the application was no longer used since July 2, 2021.

"The old eHAC application has not been used since July 2, 2021, in accordance with the circular letter from the Ministry of Health number HK.02.01/MENKES/847/2021 regarding the Digitization of Health Documents for Air Transportation Users who are Integrated with the Cares for Protection Application," he said.

"For eHAC in PeduliLindung, the server is at the National Data Center, and security is guaranteed from related institutions, both the Ministry of Communication and Information (Kominfo) and BSSN," he said.