KPAI data breached, case reports put up for sale on RaidForums

A RaidForums user c77 yesterday (21 September) uploaded yet another leaked data, allegedly from the Indonesian Commission of Child Protection (KPAI), selling them for Rp35,000 per data. 

Upon a closer look, the data consisted of personal information about people who filed reports to the KPAI from 2016 until now. Chairman of CISSReC Pratama Persada suspected that the data were taken from the KPAI’s database. 

He added that the leaked data includes the whistleblowers’ name, ID numbers, nationality, phone and/or mobile numbers, religion, occupation, education, address, email, place and date of birth, sex, age, even the report filing date. There is also data about underage victims, which is dangerous as it could be used by online predators to target them.

He demanded that the government pay attention to this case and recommended a digital forensic to find the security gap. He also pointed out the urgency to reinforce the system as well as the human resources and to carry out technology adoption for data security.

This is obviously not the first case of its kind. There have been massive data leaks from different institutions this year alone. Indonesians witnessed what may be the biggest data breach against the country’s governmental institution, which was leaked from BPJS, in May. In August, there was reportedly a data breach against eHAC, which was (and still is) required for travel in Indonesia during the pandemic.

Earlier last month, Insikt group notified the Indonesian government about possible massive data hacking in the government’s system by Chinese hackers. The government, as expected, responded to this heads-up slowly.

Learn more about personal data and the urgency to keep it secure here.