A big data leakage cannot be taken lightly because it will have a serious impact on many people whose personal data is widely spread.
By
KOMPAS EDITOR
·3 minutes read
A large personal data leak occurred again; this time of data managed by the Health Care and Social Security Agency (BPJS Kesehatan). Don\'t underestimate the seriousness of this.
A big data leakage cannot be taken lightly because it will have a serious impact on many people whose personal data is widely spread. In addition to disturbed privacy, they can become easy targets of cybercrime, such as counterfeiting, fraud, extortion or doxing, which is the practice of exposing and disseminating information with malicious intent.
More seriously, it could even destabilize the country. The leakage of population data makes it easier for any party globally to launch computational propaganda operations, such as those that Russia and Cambridge Analytica allegedly carried out during the United States Presidential Election and Brexit referendum in 2016.
The BPJS Kesehatan data leakage was revealed after an account named Kotz, which acted as a buyer and seller of personal data, offered it on an online forum called Raid Forums.
The seller claimed to have 279 million copies of identity data of Indonesian citizens, showing an example of around 100,000. The leakage of personal data in Excel format was suspected to have originated from BPJS Kesehatan because it contained card numbers, family data or data of dependents, and payment status that is identical to the data managed by BPJS Kesehatan.
This case adds to the long list of data leakage cases in the last two years, such as the alleged leakage of personal data managed by Tokopedia, Bhinneka.com, Kreditplus, RedDoorz and the General Elections Commission (KPU).
Communication and Information Minister Johnny G. Plate told Kompas, Friday (21/5/2021) that his party had been investigating samples of personal data circulating since Thursday (20/5) on the Raid Forums. From the investigation it was found that the sample data did not amount to 1 million as claimed by Kotz, but only 100,002 personal data points. This figure is not a small number either.
The National Police\'s Criminal Investigation Department has summoned the board of directors of BPJS Kesehatan Ali Ghufron Mukti regarding this matter. Meanwhile, BPJS Kesehatan emphasized that it consistently ensured data security. For the record, so far, of all the data leakage cases that have ever occurred, none of the perpetrators has been completely revealed.
This case again reminded the House of Representatives (DPR) to accelerate the deliberation of the personal data protection bill (RUU PDP), which is currently being discussed by the government. Currently, there has not been any law regulating the security of personal data.
In this law, it is necessary to ensure that severe punishment is imposed on all parties who misuse personal data that does not belong to them, whether they are obtaining, collecting, disclosing, using, selling or buying.