A recent report revealed that a government database containing 230,000 people who went through coronavirus testing was breached by hackers.
The hackers, known with the username as Database Shopping, put up the personal data of Indonesian COVID-19 test-takers for sale on Raid Forums, a data-exchange platform. In a similar development, another member of the forum offered the personal information of 15 million users from the database of home-grown e-commerce giant Tokopedia. The Tokopedia data was offered for only $5,000.
The user disclosed an example of the COVID-19 compromised data. The breached data include names of the individuals undergoing coronavirus tests in different hospitals in Bali, their ages, addresses, and their details.
In a recent interview with Kompas , the unidentified seller of the breached data disclosed it also included the database set of other patients taking tests from other regions, such as Bandung and Jakarta. The user offered the COVID-19 data for sale on the dark web for $300.
Achmad Yurianto, national COVID-19 taskforce spokesperson, while responding to the suspected breach, pointed out that the breach has been reported to the authority. He further stated that there are ongoing investigations regarding the data breach. However, he did not disclose any further details about the breach.
Cases of data breaches are not new in Indonesia. In 2013, the personal voting data of millions of Indonesians were breached by hackers before the 2014 General Elections. The data was said to be the final voter list of the presidential elections.
The hackers were able to hack into the General Election Commissions website. The country does not have a personal data protection bill.
While responding to the incident, Johny Plate, Indonesia’s Minister of Communication and Information, said both the COVID-19 patient database and the interoperability data are safe. He also reiterated that the ministry will make further consolidation on the safety and security of the data by cooperating with those in charge of data collection.
“We will trace the news and coordinate with BSNN which is in charge of security and data collection COVID 19,” he said.
The website of the hacking group, who call themselves DDosSecrets , indicated that the group has a particular approach when disclosing any hacked data as they avoid naming how they got the data.
The world has been reeling under the COVID-19 pandemic, with different governments placing travel restrictions and stay at home rules. The high dependency on the internet has become an opportunity for some cybercriminals to lunch malicious attacks on unsuspecting users. But it seems U.S. and Indonesian agencies are the latest victims of these cybercriminals.
At this period, cybercriminals are on their toes looking for more open opportunities the COVID-19 pandemic has created.
They are peeping into the daily lives of people. Before this incident, a hacking syndicate took the responsibility of hacking and leaking a decade’s worth of data from about 200 law enforcement agencies and police departments in the U.S.
The group said the leaked information contains 269 gigabytes of data, which has important details, images, videos, documents, and other FBI reports. But what is not clear is the details of the attack and how the hacker was possible to obtain such a massive amount of data.
And last Friday, the Australian government said it faced a Plethora of attacks on its different institutions and companies by sophisticated and malicious state actors. Prime Minister Scott Morrison reiterated that the criminals targeted Australian organizations across different sectors, including essential service providers, health organizations, education, political organizations, industries, and agencies.
Although Morrison did not reveal about the actors, the timing of the attack and its magnitude led people to believe that Chinese-state hackers were responsible. When he was asked to confirm whether China is behind the attack, he said it’s still speculation.