Indonesia probes suspected data breach on COVID-19 app
JAKARTA — Indonesia is investigating a suspected security flaw in a COVID-19 test-and-trace app that left exposed personal information and the health status of 1.3 million people, a health ministry official said on Tuesday.
Researchers from encryption provider vpnMentor said personal information in the Indonesia Health Alert Card (eHAC) app, often required to be used by travelers, was accessible “due to the lack of protocols put in place by the app’s developers.”
Anas Ma’ruf, a health ministry official overseeing data, said the government was looking into the potential breach, but said the potential flaw was in an earlier version of the app, which has not been used since July.
“The eHAC from the old version is different from the eHAC system that is a part of the new app,” he said. “Right now, we’re investigating this suspected breach”.
The eHAC system is now part of the Peduli Lindungi (Care Protect) app, which the government has promoted for various tracing purposes, including entry at malls.
Article continues after this advertisementAnas urged people to delete the old app and said the breach might have originated from a partner, without elaborating. He said the current eHAC system was now managed by the government and its safety was “guaranteed”.
Article continues after this advertisementVpnMentor researchers said the flaw could expose people to phishing or hacking, as well as discourage people from using a COVID-19 tracing app.
Experts say such data breaches point to Indonesia’s weak cyber security infrastructure. In May, authorities also launched an investigation into an alleged breach of social security data from the country’s state insurer.
For more news about the novel coronavirus click here.
What you need to know about Coronavirus.
For more information on COVID-19, call the DOH Hotline: (02) 86517800 local 1149/1150.
The Inquirer Foundation supports our healthcare frontliners and is still accepting cash donations to be deposited at Banco de Oro (BDO) current account #007960018860 or donate through PayMaya using this link.