Indonesia is in the midst of yet another major data breach scandal, this time involving state utility firm PLN as well as numerous other companies based in the country.
Recently, two listings related to Indonesia surfaced at an online hacker marketplace. The first, the user claimed, contained the private data of more than 17 million PLN customers, including their names, addresses, and power consumption. The user did not specify an asking price for this breach.
On Monday, another user posted a listing for 347GB of confidential documents from 21.7 thousand domestic and multinational companies in Indonesia. Among these, the user said, were “Microsoft, AT&T, CSCEC, PwC, China Railway Group Limited, Huawei Tech Investment, McKinsey, Prudential Life Assurance, and more.” The user set a US$50 thousand asking price for this breach.
The Information and Communications Ministry (Kominfo) said today that it is looking into the reported data breaches.
A common sentiment among netizens online is of helpless resignation, as major data breaches like these have been all too common in Indonesia in recent years. Many lamented how calls for a comprehensive law on data protection have largely gone ignored.
The Personal Data Protection Bill, which aims to be just that, has stalled in parliament since 2014.
Indeed, there have been no apparent long-term commitments to strengthen cybersecurity in the country following massive data breaches in the past, including a social security data leak of 279 million people (including the deceased) in May 2021 and how the data of 91 million users of e-commerce platform Tokopedia were traded online in June 2020.