"Data security concerns after leak of Indonesian President Jokowi's COVID-19 vaccine certificate" JAKARTA: Indonesians expressed concerns over the security of their personal medical data on Saturday (Sep 4) after President Joko Widodo's COVID-19 vaccine certificate was leaked and a large test app also appeared compromised. Indonesia has a weak cyber security record, with poor online literacy and frequent leaks previously.
Widodo's vaccine certificate - which circulated online, showing his censored ID number and vaccination times - was leaked by users who found his data on official vaccine-monitoring app PeduliLindungi, the government said. "Certain people have accessed the vaccine certificate of Mr Joko Widodo by using a vaccine check feature available in PeduliLindungi," an official statement said on Friday. Jakarta-based Ageng Wibowo, 39, said that the leak made him nervous and called for tougher cyber security laws. However, Communication and Information Ministry officials deflected blame and said that Widodo's data was accessed via the General Commission of Elections website. Health Minister Budi Gunadi Sadikin said that authorities have blocked access to public officials' data following the breach. Officials added that they were working to improve PeduliLindungi users' data security.
The leak comes only days after researchers of encryption provider vpnMentor revealed that the data of 1.3 million users of a government test-and-trace app had been compromised.
The information leaked included users' data and COVID-19 test results, the researchers said.
"Data breaches happen more frequently in Indonesia because of the very high digital penetration in Indonesia which unfortunately is not followed by proper digital awareness from those who are managing the data," said cyber-security analyst Alfons Tanujaya in Jakarta.
People also expressed their anger online, with one user tweeting: "How many more big cases do we need to show that the IT and data management in our country is a failure?"
In May, the data of more than 200 million participants of the National Health Care and Social Security Agency (BPJS Kesehatan) was allegedly leaked by hackers.
