A hacker that has been selling breached data from Indonesia on an online marketplace has a few choice words for Indonesia’s Ministry of Communications and Information (Kominfo).
The message, written in a new post by a seller on the marketplace who goes by the handle Bjorka, came after Kominfo Director General of Informatics Applications Semuel Abrijani Pangerapan appealed to hackers to tap into their good conscience.
“If you can, don’t attack. Every time data is leaked, the people lose out, because that’s illegal access,” Semuel said during a press conference on Monday, adding that those who compromise the public’s data will face legal consequences.
“If you want to shame [the government], find other ways to do so. Don’t spread the people’s data.”
On Tuesday, Bjorka wrote in a new post, “My message to Indonesian government: Stop being an idiot.” The hacker also uploaded a screenshot of a translated local news report containing Semuel’s statement.
The statement further highlights Kominfo’s apparent inability to identify the root of the data breach problem. Previously, the ministry said it would block local access to the data leak marketplace, before realizing that doing so would probably impede its efforts to investigate data breaches in the country.
Kominfo has also denied negligence on its part after Bjorka listed 1.3 billion Indonesian SIM card registration data for sale on the marketplace last week. The ministry passed regulations requiring Indonesians to register their KTP (ID cards) and KK (Family Cards) with their cell numbers in 2017.
Over the past month, Kominfo has had to answer several queries regarding alleged massive data breaches from Indonesia, including one containing private data of more than 17 million customers of state utility firm PLN, as well as confidential documents from 21.7 thousand domestic and multinational companies in Indonesia.
A common sentiment among netizens online is of helpless resignation, as major data breaches like these have been all too common in Indonesia in recent years. Many lamented how calls for a comprehensive law on data protection have largely gone ignored.
The Personal Data Protection Bill, which aims to be just that, has stalled in parliament since 2014.
Indeed, there have been no apparent long-term commitments to strengthen cybersecurity in the country following massive data breaches in the past, including a social security data leak of 279 million people (including the deceased) in May 2021 and how the data of 91 million users of e-commerce platform Tokopedia were traded online in June 2020.