Ministry still tracing cause of Indonesia's COVID-19 patient data leak

Ministry still tracing cause of Indonesia's COVID-19 patient data leak

Communication and Informatics Ministry. (

The COVID-19 database and evaluation results of the Kominfo data center are safe
Jakarta (ANTARA) - The Ministry of Communication and Informatics (Kominfo) currently continues to trace the reason behind the alleged hacking of a database containing information of the country's COVID-19 patients that was circulated in cyberspace recently.

"The COVID-19 database and evaluation results of the Kominfo data center are safe," Minister of Communication and Informatics Johnny G. Plate noted via a text message on Saturday.

The ministry is currently in the process of tracking information on the alleged data breach and coordinating with the National Cyber and Crypto Agency (BSSN) in charge of COVID-19 data security in Indonesia.

Furthermore, the ministry is coordinating to conduct an evaluation of data centers in other ministries and institutions.

Related news: Indonesia in urgent need of law on personal data protection
Related news: Indonesia's BSSN ensures protection, security of personal data

A hacker called Database Shopping sold a database of COVID-19 patients in Indonesia, dated June 18, to a dark web hacking forum, RaidForums.

The hackers claims the data was obtained during a data breach on May 20.

The spoiler feature on the dark web shows seized data, including the user ID, gender, age, telephone number, residence address, and patient status.

The hacker allegedly has 230 thousand users’ data in MySQL format uploaded on the dark web.

In May, a hacker on the dark web sold data of Tokopedia trading platform’s users.

Tokopedia confirmed an attempt to hack their security defenses, though the user data was confirmed to be safe.

In the meantime, in early May this year, the Tokopedia e-commerce platform identified the data leak. A hacker claimed responsibility for the leak and later contended to hold data comprising names, email addresses, and hashed passwords of 15 million Tokopedia users.

The estimated number of affected users was greater, reaching almost 91 million.

"On May 2, 2020, we became aware of the data theft of Tokopedia’s user information by an unauthorized third party," William Tanuwijaya, the Tokopedia CEO, noted in a statement on May 13.

Shortly after learning about the breach, Tokopedia notified users while launching an investigation and ensured that the accounts and transactions on the platform remained safe, according to Tanuwijaya.

"We continue to ensure that passwords are encrypted through a one-way encryption process," Tanuwijaya stated.

The online shop company also collaborated with the Ministry of Communication and Informatics and National Cyber and Crypto Agency to investigate the case, he revealed.

Related news: Tokopedia CEO writes to users on personal data leak
Related news: KKI sues Tokopedia, Communication Ministry over data breach