A possible breach raised concerns after a hacker tried to sell what they claimed to be the personal information of hundreds of thousands of people who had been tested for COVID-19 in Indonesia.
Posting on the database sharing and marketplace forum RaidForums on 18th June, the alleged hacker claimed to have access to the test results and personal details of 230,000 individuals.
Under the username “Database Shopping”, the supposed cyber-criminal posted a for-sale notice, with a sample of the allegedly leaked data. Alongside this was an offer to sell the entire set for 300 US dollars.
According to the alleged hacker, the information available included:
● Names, addresses and phone numbers
● Ages and nationalities
● Private medical records of those tested at numerous hospitals in Bali
“I sell it to the enthusiast,” wrote the hacker in their post, before claiming to have similar data for sale, taken from other areas of Indonesia. Jakarta and the West Java provincial capital of Bandung were also supposedly targeted.
The Indonesian government has denied that any COVID-19 test data breach has taken place. However, an investigation has been launched by the Communication and Information Technology Ministry, as well as the national police’s criminal investigation department.
Communication and information technology minister Johnny Plate says that the National Cyber and Encryption Agency were examining the issue.
Speaking to The Straits Times on 21st June, Plate said: “The Covid-19 database and the results of the examinations at the ministry’s data center are safe.”
The minister added that data centres and other ministries and government institutions will be assessed by the ministry. This will ensure that all data will continue to be secure.
The National Cyber and Encryption Agency seconded the denial of a data breach on 21st June, according to Indonesian media.