Heaptalk, Jakarta — The personal data of civil servants (PNS) stored by the State Civil Service Agency (BKN) is suspected of being hacked. Around 4.75 million Indonesian civil servants were allegedly leaked and claimed to have been sold for about US$10,000 (around Rp160 million), Indonesia’s cyber security research institute, Cissrec, reported.
The leaked critical data covered place of birth, date of birth, title, date of Civil Servant Candidate (SK CPNS), date of PNS, Civil Servant Registration Number (NIP), Decree Number, PNS Letter Number, group, position, agency, address, identity number, telephone number, email, education, major, and year of graduation. On the other hand, multiple data in the form of clear text or text has been processed using cryptographic methods.
“The State Civil Service Agency is working with the National Cyber and Crypto Agency (BSSN) and the Ministry of Communication and Information to identify and investigate the emergence of issues regarding alleged ASN data leaks. This investigation aims to ensure the security of their data and the necessary risk mitigation.” BKN affirmed.
In response to this issue, Pratama, the Communication and Information System Security Research Center (Cissrec) Chairman, observed that data leak incidents frequently materialized in the country. Meanwhile, as of October 3rd, 2022, BKN signed an MoU with BSSN to strengthen ASN data and improve the quality of information protection and electronic transactions.
To cease the equivalent issues, he expected that Indonesia’s government could immediately form a personal data protection agency to investigate this incident and impose sanctions on electronic system organizers (PSE) who experience data leaks.
The hacker also included sample data from about 128 ASNs from various agencies in Aceh. Pratama claimed that his party had randomly verified 13 ASNs whose names were listed in the sample data. They are known to have confirmed that the data was valid, although there were several errors in writing the last digit in the NIP and NIK fields.
“BKN ensures that the alleged disruption would not disrupt ASN management services or paralyze the running of the electronic system accessed by the public. However, we appeal to all BKN service users to update their passwords immediately, which must be performed periodically to avoid unwanted things,” BKN responded to the data breach issue.
