With the frequency that data breaches have been reported in Indonesia lately, we wouldn’t be surprised if hackers manage to learn about that embarrassing incident we experienced in sixth grade at this point.
Remember when, in 2017, the Ministry of Communications and Information (Kominfo) began requiring Indonesians to validate their prepaid SIM cards by registering their KTP (ID cards) and KK (Family Cards) with the ministry?
If you’ve been wondering whether or not the data containing our essential documents is secure, there is certainly cause for concern that the opposite may be true after an online hacker marketplace listing emerged on Aug. 31 offering 1.3 BILLION Indonesian SIM card registration data for US$50,000.
The 87 gigabytes of data supposedly contains Indonesians’ KTP number, phone numbers, telco providers, and the SIM card registration date.
Sure, Indonesia has a population of around 260 million, but 1.3 billion lines of registration data is not far-fetched at all considering that many Indonesians own multiple mobile numbers.
Though Kominfo did not explicitly deny the legitimacy of the alleged data breach, they seem certain that they were not at fault.
“It must be known that Kominfo does not have an app to contain the registration data from prepaid and postpaid SIM cards,” the ministry said in an official statement yesterday.
“It can be concluded that the data in question did not come from Kominfo.”
The ministry did not elaborate on where exactly the data might have been breached from.
Over the past month, Kominfo has had to answer several queries regarding alleged massive data breaches from Indonesia, including one containing private data of more than 17 million customers of state utility firm PLN, as well as confidential documents from 21.7 thousand domestic and multinational companies in Indonesia.
A common sentiment among netizens online is of helpless resignation, as major data breaches like these have been all too common in Indonesia in recent years. Many lamented how calls for a comprehensive law on data protection have largely gone ignored.
The Personal Data Protection Bill, which aims to be just that, has stalled in parliament since 2014.
Indeed, there have been no apparent long-term commitments to strengthen cybersecurity in the country following massive data breaches in the past, including a social security data leak of 279 million people (including the deceased) in May 2021 and how the data of 91 million users of e-commerce platform Tokopedia were traded online in June 2020.