Indonesian health ministry probes alleged data breach of 1.3m users on COVID-19 app

share on

twitter /
facebook /
linkedin /
- email
- telegram
- whatsapp
- wechat
- pinterest
- line
- snapchat
- reddit

Indonesia is investigating a suspected security flaw in a COVID-19 test-and-trace app after the data of 1.3 million users from the health ministry's electronic Health Alert Card (eHAC) app were exposed in an open server, multiple media reports including Reuters and CNN Indonesia said. According to a report by cybersecurity research firm vpnMentor published on 30 August, the leaked data contained ID, address, and health history.

According to vpnMentor, there was no response from the Indonesia health ministry after it flagged the issue in late July. Only after contacting Indonesia’s National Cyber and Encryption Agency on 22 August did the firm receive a response from the Indonesian authorities. On 24 August, the server was shut down, the cybersecurity research firm said. Meanwhile, Reuters reported that the flaw was in an earlier version of the app which has not been used since July this year.

Quoting a health ministry official named Anas Ma'ruf, Reuters said the old version of eHAC is different from the eHAC system that is currently part of the new app. He explained that the eHAC system is under the Peduli Lindungi (Care Protect) app, which is currently being used for contact tracing purposes, including mall entries. Anas also requested for users to delete the old app as the breach might have come from the partner. He added that the Indonesian government now manages the current eHAC system and guaranteed its safety, Reuters said.

Data breaches have become commonplace in this digital world. In July, Bank Rakyat Indonesia's insurance division, BRI Life, also investigated allegations that personal information of more than two million of its customers had been advertisers for sale by "unidentified hackers". This followed a Reuters report found that "multiple computers belonging to BRI and BRI Life employees had been compromised".

An IBM study done this year found that the average cost of a data breach increased by nearly 10% year-over-year to US$4.24 million, the largest single-year cost increase in the last seven years. The average cost was also US$1.07 million higher in breaches where remote work was a factor in causing the breach, compared to those where remote work was not a factor.

Meanwhile in Singapore, companies such as Starhub and OrangeTee have also fallen victim to data breaches. Personal information of more than 57,000 customers subscribed to StarHub before 2007 was discovered to have been uploaded illegally on a third-party data dump website. Meanwhile, OrangeTee’s holding company OT Group, fell victim to a data security breach on 6 August after it received an email from a third party, claiming to have accessed its IT network.

Photo courtesy: 123RF

Join ourDigital Marketing Asia conference happening from 9 November 2021 - 25 November 2021 to learn about the upcoming trends and technologies in the world of digital. Check out the agenda here.