Indonesia is investigating alleged personal data breaches at state-owned telecoms firm PT Telkom Indonesia’s internet service IndiHome and state utility PT Perusahaan Listrik Negara (PLN), its communications ministry said on Sunday.
Semuel Abrijani Pangerapan, a senior communications ministry official, said in a statement the ministry had summoned representatives from Telkom and PLN and had sent recommendations on data protection to both firms.
A Telkom spokesperson told Reuters on Monday that there was no breach of IndiHome customers’ data.
PLN’s spokesperson did not immediately respond to a request for comment although it was quoted by local media as saying on Saturday that it was investigating an alleged breach.
Indonesia has had a slew of alleged data breaches in recent years, including on its COVID-19 screening app which led to President Joko Widodo’s vaccine records being shared widely on social media in September.
A data protection bill aiming to bolster the country’s cybersecurity infrastructure was submitted to parliament in 2020 but has yet to be passed.
A year ago, Indonesia said that it was investigating a suspected security flaw in a COVID-19 test-and-trace app that left exposed personal information and the health status of 1.3 million people, according to the health ministry.
In August 2021, researchers from encryption provider vpnMentor said personal information in the Indonesia Health Alert Card (eHAC) app, often required to be used by travellers, was accessible “due to the lack of protocols put in place by the app’s developers.”
At the time, Anas Ma’ruf, a health ministry official overseeing data, said the government was looking into the potential breach, but said the potential flaw was in an earlier version of the app, which has not been used since July 2021. The eHAC system is part of the Peduli Lindungi (Care Protect) app, which the government has promoted for various tracing purposes, including entry at malls.
© Thomson Reuters 2022