Indonesia’s government has admitted to leaks of personal data from the agency that runs its national health insurance scheme
On May 20th Kominfo, Indonesia’s Ministry of Communication and Information Technology, acknowledged it was aware of a post on notorious stolen-data-mart Raidforums offering to sell a million records leaked from the Badan Penyelenggara Jaminan Sosial (BPJS), an agency that runs national health insurance scheme Jaminan Kesehatan Nasional (JKN).
The Ministry said it had found leaked data and that the leak was not “massive”.
By May 21st, the Ministry stated it had identified an entity trying to sell the data and found the data itself on three sites – bayfiles.com, mega.nz, and anonfiles.com. The Ministry claimed only the last-named site had not responded to takedown requests, and that it hosted only around 100,000 records.
Later on the 21st a new announcement raised the number of stolen records to a million, said the fields matched those used by the BPJS, and said that further investigation is needed to understand the nature of the data and extent of the breach.
While Indonesia’s government has admitted it has a problem, it’s silent on how the leak happened and the possible implications of its citizens’ data circulating widely.
Indonesia has made digital government services a big part of its development plans, so this leak is most unwelcome. ®