Hackers have allegedly accessed personal information of 279m Indonesians stored by the Health Care and Social Security Agency (BPJS) and are trading it on the web.

The data for sale on raidsforum.com includes identity numbers, identity cards, phone numbers, email addresses, names, home addresses and individuals’ salaries, local media reported.

The communications and information technology ministry is investigating and the BPJS is conducting its own probe into whether the leaked data came from the agency.

Its spokesman stressed that the BPJS consistently ensured the security of personal data.

The incident has led to calls for the country’s Central Information Commission for the Personal Data Protection Bill to be quickly passed. 

“It’s safe to say we are facing a personal data protection emergency amidst the wave of new technology developments,” a spokesman said. “Which is why the personal data protection act must be quickly passed and made into law for the sake of people’s security.”

Members of the Indonesian parliamentary commission which overseas intelligence, foreign relations and the armed forces have voiced similar concerns, with one of them Dave Laksono saying the latest data breach has rung an alarm bell about the country’s weak cyber security.

As the authorities’ investigation into the incident continue, the police’s criminal investigation department has summoned BPJS president-director Ali Ghufron Mukti to provide clarification. Police want to obtain information about agency employees responsible for handling public data.


Make sure to save your seat at PrivSec Global to hear leading experts discussing data breaches similar to the BPJS breach and sharing their best practices. 

Register now