Ministry of Home Affairs Investigating Alleged Leakage of 337 Million Dukcapil Data
More than 337 million data allegedly coming from the Ministry of Home Affairs Directorate General of Dukcapil servers were sold on the breachforums hacker forum on July 14.
This article has been translated using AI. See Original .
About AI Translated Article
Please note that this article was automatically translated using Microsoft Azure AI, Open AI, and Google Translation AI. We cannot ensure that the entire content is translated accurately. If you spot any errors or inconsistencies, contact us at hotline@kompas.id, and we'll make every effort to address them. Thank you for your understanding.
By
IQBAL BASYARI
·3 minutes read
The following article was translated using both Microsoft Azure Open AI and Google Translation AI.
JAKARTA, KOMPAS —The Ministry of Home Affairs is investigating an alleged leak of 337 million data related to Indonesian residents that were sold on breachforums hacker forums. Mitigation needs to be done considering that personal data that is allegedly leaked has the potential to be misused for criminal acts. It is hoped that a personal data protection agency will be formed soon so that data controllers are motivated to strengthen their security system.
The alleged leak of population data was initially revealed by the founder of Ethical Hacker Indonesia, Teguh Aprianto, on his Twitter social media account @secgron, Sunday (16/7/2023) evening. He wrote a tweet accompanied by a screenshot about the sale of data by the anonymous account "RRR" on breachforums on July 14. The account sells 337,225,465 data said to come from the dukcapil server.kemendagri.go.id.
Teguh Aprianto mentioned that the confirmed leaked data includes names, identification numbers (NIK), family card numbers (KK), date of birth, address, father's name and NIK, mother's name and NIK, and birth or marriage certificate numbers.
Analysis of the data field sold by the account "RRR" tends to lead to population data managed by the Ministry of Home Affairs. Some of the data elements are related to the issuance of electronic identity cards (e-KTP).
In response to the alleged data breach, Director General of Population and Civil Registration (Dukcapil) at the Ministry of Home Affairs (Kemendagri), Teguh Setyabudi, emphasised that his team has taken action to follow up on the alleged population data leak that was sold on the online marketplace. A thorough audit investigation and preventive mitigation measures have been conducted since Sunday (16/7/2023) in conjunction with the National Cyber and Encryption Agency (BSSN) and other stakeholders.
"So far no traces of data leakage have been found in the centralized online Population Administration Information System (SIAK) which is currently being run by the Directorate General of Dukcapil of the Ministry of Home Affairs," said Teguh Setyabudi, in Jakarta, Monday (17/7/2023) .
According to him, the data found in breachforums is not in the same format as the data in the database owned by the Directorate General of Population and Civil Registration (Ditjen Dukcapil). Nevertheless, the process of auditing and investigation is still ongoing to further investigate the alleged data leak, including the database in the regencies/cities. "This step is also a form of preventive mitigation to prevent data leaks in the future," he said.
KTP-el data
However, according to Pratama Persadha's Head of the Communication and Information System Security Research (CISSReC), analysis of the data fields sold by the "RRR" account tends to lead to population data managed by the Ministry of Home Affairs. A number of data are data elements related to the issuance of an electronic identity card (KTP-el).
Moreover, according to Pratama, there are several data that are very dangerous for the affected community due to the leakage. One of which is the full name data of the biological mother which is usually used as data verification in various banking transactions. "Imagine how dangerous it is for the biological mother's name data if it falls into the hands of individuals who will engage in criminal and fraudulent activities, especially if the data is combined with other leaked data, which can obtain a complete data profile of potential fraud victims," he explained.
Member of Commission I DPR, Dave Akbarshah Fikarno, asked the government to immediately check the validity of the personal data being sold. This is important to ensure the correctness of the data being sold is it current or outdated.
Furthermore, Dave requested the government to create a clear blueprint that should be implemented in all government and private agencies that hold personal data in order to truly protect personal data. In addition, the government must develop a long-term plan for data security development, such as completing the Cyber Sovereignty Act and strengthening digital infrastructure and intrastructures.
"It would be better for the government to immediately form an institution for the protection of personal data, but the authority and capabilities of the institution must also be clear in order to function optimally," he said.
The existence of a personal data protection agency is urgent due to ongoing leaks of public data. Previously, in May, data amounting to 1.5 terabytes, including nine databases containing personal information of over 15 million customers and employees of BSI, was suspected to have leaked.
Editor:
ANITA YOSSIHARA
Share
Kantor Redaksi
Menara Kompas Lantai 5, Jalan Palmerah Selatan 21, Jakarta Pusat, DKI Jakarta, Indonesia, 10270.
Tlp.
+6221 5347 710
+6221 5347 720
+6221 5347 730
+6221 530 2200
Kantor Iklan
Menara Kompas Lantai 2, Jalan Palmerah Selatan 21, Jakarta Pusat, DKI Jakarta, Indonesia, 10270.