Jakarta, Gizmologi – More than 1 million user data of the eHAC (Electronic Health Alert Card) application belonging to the Ministry of Health allegedly leaked. This clearly tarnishes Indonesia’s credibility in protecting people’s personal data in cyberspace.
Because the exposed data will be very vulnerable to being exploited by cybercriminals. It could be that the affected credential data is used for online loans (borrowing) illegally or users will become targets of fraud (phishing).
“In the case of data leakage. Data owners are always victims, while managers who fail to protect data can only be embarrassed,” said a cyber security observer from Vaksin.com, Alfons Tanujaya in his short message, Tuesday (31/8/2021).
According to Alfons, by requiring users to install and use eHAC, it means that the eHAC service provider, in this case, the Ministry of Health, indirectly declares responsibility and is able to secure the information provided.
Moreover, eHAC users are not only Indonesians but also foreigners who enter and leave Indonesia to travel to various regions. It is clear that when there is a data leak, the manager cannot protect the important information belonging to its users.
“In this case, the owner of the exploited data will suffer losses. He can claim responsibility for the data manager. This tarnishes Indonesia’s name in the eyes of the world because eHAC is required to be installed for foreigners who enter Indonesia,” he explained.
Regarding this issue, he deeply regrets the attitude of the Ministry of Health’s IT team who did not immediately respond to the report from vpnMentor regarding the security gap. According to the founder of Jendelacom, eHAC developers need to be asked for an explanation as to why it is related to data storage servers on the internet without encryption.
“A red note needs to be given to the Ministry of Health’s IT team, even for weeks,” said Alfons.
Regardless of the old or new version of the eHAC application, the affected and allegedly leaked data is already detrimental to the user. The data manager should take responsibility immediately, before the important information falls to irresponsible parties.
“Pray to the Almighty, the data is already in the hands of hackers, nothing can be done. Origin (users) are aware of this and should not use it to generate credentials,” said Alfons, warning eHAC users whose data was allegedly leaked.
What is an eHAC App?
During the pandemic, one of the requirements for people to travel outside the city is to fill in data in the eHAC (Electronic Health Alert Card) application. eHAC is a Health Alert Card, which is an electronic card (modern version) of the manual card used previously.
This electronic card was developed by the Ministry of Health (Kemenkes), particularly at the Directorate of Health Surveillance and Quarantine, the Directorate General of Disease Prevention and Control. Actually, the eHAC application is expected to be a supporting tool for the Indonesian government to minimize the risk of COVID-19 transmission by people who travel.
Users can choose 2 ways to get a Health Alert Card, namely through the eHAC application or the eHAC website. For applications, users can download them on the Google Play Store.
Communication Ministry Investigation Against eHAC Application
The Ministry of Communication and Information (Kominfo) also intervened to investigate the alleged data leak in the eHAC application system. Moreover, there are 1.3 million user data affected.
“We are conducting an investigation,” said the spokesman for the Ministry of Communications and Information, Dedy Permadi.
Both Kominfo and the Ministry of Health will conduct a forensic audit to confirm the alleged data leak as described by the cyber research team from vpnMentor in the report “Indonesian COVID-19 Apps Leaks Private Data From Over 1 million people.”
The National Cyber and Security Agency (BSSN) has also deactivated the eHAC system database that was suspected of being leaked, since August 24, 2021. Although it is not yet certain, the Ministry of Health claims that the data that was allegedly leaked came from an old version of the eHAC application that was no longer used since July 2021.
As a mitigation measure. For more optimal convenience and security, users of the old version of the eHAC application and have not been connected to the pedulilindungi.id application is asked to delete the account and application from their device.
The Indonesian version of this article can be read in Gizmologi.ID