The electoral data, precisely voters’ information from one of the most populous nations, was just posted on the famous hackers’ forum – raid forums – only this Wednesday.
The people of Indonesia and cybersecurity analysts, are alarmed, they said threat actors could use it for phishing, fraud, and worse – identity theft.
Indonesia’s KPU (General Election Commission) verified the legitimacy of the information – data such as full names, permanent residences, and national identification numbers. KPU said in a statement that they are investigating the matter to determine the source. One of the commissioners stated that the Initial verification of some data revealed some information was quite extensive and dated from 2013.
It was also immediately disclosed that the leak mentioned above never came from the electoral commission’s network servers. They said the data that was shared anonymously to political parties and other political candidates were within the prescribed laws of the government. So, whoever posted the information does not wish to identify themselves. But it is only interested in creating threats and possibly chaos – due to the warning that they will release an additional 200 million citizenship records on the country’s citizens soon.
The people are on a state of unrest, says one of the representatives for the Association for Elections and Democracy. The safety of their information is uncertain, and the fear that cybercriminals might use it for fraudulent and possibly more sinister purposes is there. Citizens of Indonesia are worried that fraudsters might use their data to register for a phone or sim card plan, or even apply for lending or bank loan. More and more cases of data breaches are being reported all over Indonesia. With this incident being highlighted by cybersecurity experts since the country is still unable to pass its data protection laws.
Indonesia’s ELSAM (Institute for Policy Research and Advocacy) summoned the Communications and Information Ministry to investigate the breach and upgrade all existing security regulations and protocols to avoid any subsequent attack and ensure the protection of the citizens’ information. A call for deliberation and discussion regarding the personal data protection laws is being levied with the country’s House of Representatives.
Chairman Pratama Persadha of the Indonesia CISSReC (Communication and Information System Security Research Center) pleads on the election commission (KPU) to immediately perform a digital forensic audit of all its systems to ensure the overall safety of their data. He also stated that this matter is of the most profound concern. The people’s data should be protected, whether it be public or private groups that possess them.
As of this writing, the government’s cybersecurity arms – the Communications and Information Ministry and the BSSN (National Cyber and Encryption Agency), is being mobilized. While the government is deliberating the passing of their data protection laws, the current security situation must be addressed with optimal efficiency for the sake of the public’s interest.