1. Healthcare and Social Security Agency (BPJS Kesehatan)
In May, the personal data of BPJS Kesehatan users was sold in an online forum known as Raid Forums for the price of 0.15 bitcoins by a user called ‘Kotz.’ Tempo confirmed this to cybersecurity expert from Vaksincom, Alfons Tanujaya, to which he answered: “It seems to be confirmed,” on May 20, 2021.
Not long after the news broke out, BPJS Kesehatan director Ali Ghufron Mukti acknowledged that a number of users’ data from his institution had been sold on the internet.
2. Cermati and Lazada
The data breach of the two websites was once again revealed after 2.9 million personal users’ data were sold in Raidforums at the end of 2020. As for Lazada, at least 1.1 million data was sold illegally, which involved Redmart databased hosted by a third party.
3. BRI Life
The data breach of BRI Life was first known after a Twitter account under the name @HRock revealed that data of 2 million of the life insurance’s customers were sold online for US$7,000. Based on the account’s image post, exposed data include electronic ID card information, birth certificate, and health track records.
In May 2020, millions of personal data was non-consensually stolen from the popular e-commerce. Some even claimed the exposed 91 million personal data was sold for US$5,000. At the time, Tokopedia representative asserted that the incident was not an attempt to steal personal data.
5. General Elections Commission (KPU)
An internet user claimed to have information of the breach of 2.3 million Indonesians from the General Elections Commission (KPU) website back in May 2021. This user believed the data breach took place since 2013 and claimed that the hackers threaten to leak 200 million more.
In Aug 22, more than 26 million records from IndiHome containing, personal data, search histories, and much more were found on dark web forums, uploaded by a person under the username “Bjorka.”