By: Aldia Putra) *
The government continues to strive to investigate the leakage of data on the 279 million people scattered on the Internet. In addition to conducting in-depth investigations, the Government also continues to strive to block sites that sell such data and form a joint team to tackle the problem of Indonesian citizen data leakage on the Internet.
The Indonesian government has regretted the leakage of data for Indonesian citizens, Tjahjo Kumolo as the Minister for Administrative Reform and Bureaucratic Reform (Menpan RB), admits that he is sorry for the leakage of data allegedly originating from BPJS Kesehatan.
His party also provides support to the Ministry of Communication and Informatics (Kominfo) to thoroughly investigate the leakage of BPJS Health participant data. Where there may be PNS / ASN data in it.
The data leaked for 279 million residents, indicated their names, telephone numbers, addresses, salaries and demographic data. It is estimated that ASN data is also included in the data leak. This is because ASN and TNI-Polri soldiers are also BPJS Kesehatan participants.
According to information, the Ministry of Communication and Informatics has been investigating the alleged data leakage since May 20, 2021. This issue originates from social media which say Indonesian population data was leaked and sold to online hacking forums. Of the 279 million data, 20 million of them are said to contain personal photos.
Meanwhile, BPJS Health also did not remain silent on this incident, where the insurance company from the government had formed a special team called the National Cyber and Crypto Agency (BSSN), the Ministry of Communication and Information and Telk om to carry out tracing. The Ministry of Communication and Information has also summoned the BPJS Kesehatan Directors to immediately confirm and re-test the leaked personal data.
In article 26 paragraph 1 of Law 19/2016 on electronic information and transactions, it is written that any use of information through electronic media concerning a person’s personal data must be carried out with the consent of the person concerned.
The basis was later revealed in the Minister of Communication and Information Technology Regulation No. 20/2016 concerning Protection of Personal Data in Electronic Systems. Article 36 of the ministerial regulation states that parties who disseminate personal data may be subject to sanctions in the form of oral, written warnings, cessation of activities or announcements on online sites.
There were until now the legal basis for personal data protection of Indonesian citizens are still in draft legislation (Bill).
The bill is considered important because so far it has been evident that law enforcers are still having difficulty applying strict penalties against individuals who leak consumer data.
So it is important that the bill on personal data protection can be passed immediately into law.
The Managing Director of Bpjs Kesehatan Ali Ghuffron Mukti reported to the DPR Health Commission in a meeting at the DPR Building , that on May 20, 2021, BPJS immediately coordinated and investigated the alleged hacking.
In the case of this data leak, it is suspected that the leaked data was traded by an account called Kotz on the Raid Forums. Ali said that the data was similar to what they had, but it was not yet known whether the data was sourced from BPJS or not.
On May 21, 2021, BPJS held a meeting with a number of parties. Starting from the Supervisory Board of BPJS, BSSN, Ministry of Communication and Information, Cyber Ministry of Defense, to IT Security Expert from Telkomsigma which is a company under PT Telkom (Persero) Tbk.
Furthermore, BPJS secures the access point by conducting closings and investigations. Then, BPJS temporarily suspended all cooperation related to data exchange.
On the same day, Kominfo has also closed access to the raidforums.com site and 3 other links where the leaked data was downloaded. Starting from bayfiles.com, mega.nz and anonfiles.com.
On May 22, the BPJS Health team , BSSN and the Security Operation System Team conducted a digital forensic search and verified sample data from Kotz’s account. In total there are 100 thousand samples and the search is still ongoing.
A day later, BPJS Management also prepared a letter requesting legal protection to the Bareskrum Polri. In addition, BPJS also coordinates with Kominfo.
BSSN also assists the process of internal investigations, to mitigate steps for things that have the potential to cause data security disturbances.
Not forgetting , BPJS is also taking a number of steps in an effort to prevent data leakage, including strengthening information technology security systems.
This step, of course, should be appreciated as a form of government concern for unexpected things , we all hope that this problem will not be repeated, so that the confidentiality of public data can be guaranteed.
) * The author is a citizen living in Depok