Indonesia Probes Million Data Breach at Old Covid Tracking App

(Bloomberg) -- Indonesia is investigating a potential leak of more than a million personal records stored in an old Covid-19 tracking application, the second data breach that hit the government in three months. 

The government suspects its partner as the potential source of the leak from the electronic health alert card (eHAC) app that has been decommissioned since July 2, according to an official at the Health Ministry. eHAC was mandatory for any traveler entering the country and for domestic flights. They were required to download the app and store data including contact details and their Covid test results.  

“An investigation is being conducted, as well as further examination into the leak,” Anas Maruf, head of data center and information at the ministry, told reporters in Tuesday briefing. That old version of eHAC has been disabled and its features integrated into PeduliLindungi, another app that also tracks vaccination progress. 

In May, the government disclosed a leak of social security data involving the nation’s 270 million population after samples of social security records that were being sold online contained entries of personal identification numbers, family details and payment details.

Security research group vpnMentor first reported the breach in a statement on Tuesday. Its cybersecurity team discovered that the app’s exposed database contains 1.4 million records from approximately 1.3 million users and reported the incident to the Indonesian government in July. 

©2021 Bloomberg L.P.