Calls for stronger data protection as breach incidents rock Bangladesh, Indonesia
Calls have intensified in the last couple of days on the need to put in place a body that will oversee the proper management of personal data in Indonesia after reports emerged that a notorious hacker stole and put the data of nearly 35 million citizens on sale on the dark web. The calls come as a similar incident happened in Bangladesh where data from a government website is said to have been leaked to the world wide web, sparking huge concerns of identity theft or data manipulation.
Indonesia data oversight body needed
The recent data leak incident is reported to have been carried out by notorious hacker Bjorka who put the data up for sale to the tune of $10,000, prompting renewed calls for the establishment of an oversight body.
Per The Jakarta Post, the data of about 4 gigabyte was collected from passport details of 34.9 million Indonesians and includes the full names, date of birth, gender, addresses, and passport numbers and their date of expiry.
Teguh Aprianto, a security researcher raised alarm on the leak via a Twitter threat in which he confirmed the genuineness of some of the data.
Indonesia has a Personal Data Protection Legislation which was passed in 2022 but incidents of data breach are recurrent in the Southeast Asian country. The theft of data from 1.3 billion SIM cards, still by the hacker Bjorka, was reported in September 2022.
Proponents of an independent oversight agency believe it will help tighten controls around the management of data and close gaps that could lead to possible leaks in the future.
Officials of the Ministry of Communication and Informatics say they have been investigating the reported data leak, but called on digital service providers to step up security around people’s personal data, reports Bank Info Security.
Bangladesh birth and death data leak raises eyebrows
In Bangladesh, reports that a government website let loose data of millions of citizens has already left many citizens in the South Asian country unsettled.
As reported by TechCrunch, a Bitcrack Cyber Security researcher, Viktor Markopoulos, became aware of the leak on June 27 and made a signal to the country’s digital government computer incident response team (CERT). The data includes contact information and national ID card numbers, and could be used to modify or delete birth registration applications.
The outlet says it confirmed at least some of the data to be genuine, but it didn’t immediately get a response to different requests for comment on the incident.
Meanwhile, another outlet Digi Bangla specifies that the leak is from the huge quantity of data from the Bangladesh Birth and Death Registration Information System.
The outlet reports that an inquiry which was started following the incident has been completed, with the report filed with the Attorney General of the High Court on July 9.
Per the inquiry, not much data was exposed and even that which was exposed online was not stolen or destroyed.