he private data of millions of Indonesian citizens and corporations are at an increased risk of being exposed, amid the pandemic-influenced rise of remote work and a lack of robust personal privacy legislation.
The country has seen at least five data breaches in August alone, two of which allegedly impacted state-owned firms holding the data of millions of customers. The data is now up for sale, according to hacking forum Breach Forums.
In a now-deleted discussion thread posted on Aug. 18, a member of the forum with the username loliyta claimed to be offering the personal data of some 17 million customers of state-owned electricity firm PLN, including names, addresses, customer ID numbers, kilowatt-per-hour usage and electricity meter numbers.
PLN said in a statement on its Twitter account on Saturday that it was conducting an investigation into the alleged data breach with the Communications and Information Ministry and the National Cyber and Encryption Agency (BSSN).
The company claimed that its actual customer data system had remained secure and that the alleged leaked data was only a copy of public data taken from a customer data dashboard app, not real-time transaction data.
Another forum member, Bjorka, claimed to be holding some 26 million data entries belonging to IndiHome, an Internet service provider owned by state-owned telecommunications firm Telkom. The breached data allegedly included full names, email addresses, genders, national ID numbers, IP addresses and customer browsing history.
Telkom denied the claim, saying the story of the leaked data had been fabricated and that its data was stored in an “integrated cyber security system”.