The federal government has been hit with one other large information breach scandal, this time involving a COVID-19 take a look at and hint app, however thus far its solely answer is to suggest customers to delete what’s now successfully an out of date app.
A report by cybersecurity research firm vpnMentor printed earlier at present mentioned that 1.3 million customers’ delicate information — together with ID, handle, and well being historical past — from the Indonesian Well being Ministry’s digital Well being Alert Card (eHAC) app have been uncovered in an open server. The app, which was created in early 2021 and held customers’ COVID-19 take a look at information, was obligatory for home journey for each Indonesian residents and foreigners.
Relating to the leak, vpnMentor mentioned: “Our group found eHAC’s information with zero obstacles, as a result of lack of protocols put in place by the app’s builders. As soon as they investigated the database and confirmed the information have been genuine, we contacted the Indonesian Ministry of Well being and offered our findings.”
Nonetheless, vpnMentor mentioned it didn’t obtain a response from the ministry after it flagged the problem in late July. It was solely after vpnMentor contacted Indonesia’s Nationwide Cyber and Encryption Company (BSSN) on Aug. 22 that the agency acquired a response from Indonesian authorities. On Aug. 24, BSSN shut down the server.
The Well being Ministry publicly responded to the report at present, urging customers to delete the eHAC app as a precaution, particularly since we not rely on the app.
“Since July 2021, we have now been utilizing the PeduliLindungi app, and eHAC has been built-in into that app. The system that was within the outdated eHAC is totally different to the eHAC that’s built-in into PeduliLindungi,” Well being Ministry Knowledge and Info Middle Head Anas Ma’ruf said throughout a press convention at present.
In line with Anas, information saved in PeduliLindungi’s servers is healthier protected because of BSSN and the Info and Communications Ministry.
The ministry didn’t present an evidence for the report’s declare that the outdated eHAC app’s cybersecurity was just about non-existent, nor did it supply something in the way in which of an apology.
However that’s in all probability as a result of personal information safety isn’t taken significantly in Indonesia amid repeated calls from specialists for the nation to strengthen its cyber and information safety legal guidelines. There have been no long-term commitments to strengthen cybersecurity within the nation following large information breaches prior to now, together with a social safety information leak of 279 million people (together with the deceased) in Might 2021 and the way the info of 91 million users of e-commerce platform Tokopedia have been traded on-line in June 2020.
Subscribe to The Coconuts Podcast for prime trending information and popular culture from Southeast Asia and Hong Kong each Friday!