A suspected breach of Indonesia’s social security data has put virtually all Indonesians exposed to digital attacks and frauds, authorities and digital security experts warned on Friday.
The Communication and Information Technology Ministry said that it has suspected personal records of at least 100,000 individuals have been leaked from BPJS Kesehatan and asked the country’s national insurance company to notify the individuals about the breach.
The records were part of a sample database offered for free by an individual, or group of individuals, using the username Kotz, at the database sharing forum Raidforum.
Since May 12, Kotz has been trying to sell for 0.15 bitcoins ($6,130) a larger set of the database they claimed to hold more than 279 million records, containing information ranging from national identity numbers, social security numbers, phone numbers, and tax identification numbers, to family members, blood type, and salaries.
BPJS Kesehatan reported it has 222.5 million users at the end of last year, covering about 82 percent of Indonesia’s 270.2 million people.
“The ministry suspected the sample database is identical to BPJS Kesehatan’s database,” Dedy Permadi, the Communication and Information Technology spokesman, said.
“The suspicion is based on records of social security number, office code, family records, and payment status [in the sample database], which are identical with BPJS Kesehatan’s records,” Dedy said.