Indonesia Denies #COVID19 Test Data Breach

Written by

An alleged breach of COVID-19 test result data is being investigated by authorities in Indonesia.

Concerns over a possible breach were raised after a hacker tried to sell what they claimed was the personal information of hundreds of thousands of people who had been tested for the novel coronavirus in Indonesia on an online forum.

Posting on the database sharing and marketplace forum RaidForums on June 18, the alleged hacker claimed to have exfiltrated the test results and personal details of 230,000 people. 

The possible cyber-criminal posted a for-sale notice under the username "Database Shopping." A sample of the allegedly leaked data was displayed along with an offer to sell the entire set for US$300. 

Information the alleged hacker claimed to have accessed included names, addresses, phone numbers, ages, and nationalities. Also included were the private medical records of people who had been tested for COVID-19 at a number of different hospitals in well-known tourist hotspot, Bali.

"I sell it to the enthusiast," wrote the hacker in their post, before claiming to have similar data available for purchase, swiped from other parts of Indonesia. Areas that Database Shopping claimed to have targeted included Jakarta and the West Java provincial capital of Bandung.

The Indonesian government has denied that a breach of any COVID-19 test data has taken place. However, an investigation into the alleged hack has been launched by the Communication and Information Technology Ministry and the national police's criminal investigation department. 

Communication and information technology minister Johnny Plate said the matter was being examined by the National Cyber and Encryption Agency.

Plate told The Straits Times on June 21: "The Covid-19 database and the results of the examinations at the ministry's data center are safe."

The minister added that data centers and other ministries and government institutions will be assessed by the ministry to ensure that all data remained secure.

The government's denial of a data breach was seconded on June 21 by the National Cyber and Encryption Agency, according to local Indonesian media. 

Last month, a different hacker advertised for sale on RaidForums the personal data of 15 million Indonesian users of Tokopedia for $5,000.

What’s hot on Infosecurity Magazine?