JAKARTA – As immigration clearance, passport application and other government services in Indonesia are restored after a national data breach, experts warn that the country’s reputation will take huge hits if such incidents keep happening.
Frustrated passengers at airports and ferry terminals across the 17,000-island archipelago have had to bear with hours-long queues since June 20 as officers took down their details using pen and paper.
Reports in the media and on social media over the weekend said services appeared to be returning gradually. On June 24, state news agency Antara quoted Indonesian Communications Minister Budi Arie Setiadi as saying that a hacker compromised the country’s national data centre and asked for a US$8 million (S$10.8 million) ransom.
“Government officials are doing their best to get the system back, but in terms of communication during a crisis, there is a need to be more transparent,” said Mr Muhammad Habib Abiyan Dzakwan from Indonesian think-tank Centre for Strategic and International Studies (CSIS).
Mr Habib added that given the public nature of the situation, more information should have been released to raise public awareness on the necessity for stringent cyber-security measures.
Director-general of immigration Silmy Karim had said earlier on June 24 that the issue was unlikely to be a technical glitch and could have been a cyber attack.
“Generally, technical problems can be resolved within one to three hours. When it takes more than six hours, we conclude that there must be an attack that is more than just a technical problem, for example, a problem caused by a cyber attack,” said Mr Silmy.
Other government processes, such as passport application and renewal, are expected to return to normal on June 24.
Mr Silmy said in an Instagram post at about 6pm on June 20 that there was a “temporary disruption” to Indonesia’s National Data Centre (PDN) server.
The server, which is managed by the Ministry of Communication and Informatics, carries a database of information that government services use to function.
On June 23, the ministry said that recovery efforts were being carried out, but there were not many updates on the nature of the PDN incident or whether any data had been compromised.
The lack of information sent the rumour mill into overdrive, with some people alleging that the incident was a ransomware attack linked to a hacker group responsible for previous attacks.
Instagram page @ecommurz, which posts tech-related news in Indonesia, said that the PDN outage could be the work of individuals linked to ransomware group LockBit. Mr Budi confirmed on June 24 that the group was indeed involved.
The group is notorious in Indonesia for being responsible for a massive data breach in May 2023 reportedly involving the personal particulars of more than 15 million customers and staff of Bank Syariah Indonesia (BSI), the country’s largest Islamic bank.
For the latest case, experts bemoaned the lack of information and updates on the state of public services.