Indonesia is investigating a potential leak of sensitive data of 1.3 million users from an old COVID-19 tracking application.
The data included ID, address, and health history – from the Indonesian Health Alert Card (eHAC) app which has been exposed in an open server, according to a report by cybersecurity research firm vpnMentor.
An investigation is being conducted, as well as further examination into the leak,” Anas Maruf, head of data center and information at the ministry, according to a Bloomberg report.
eHAC was created early in 2021 and held users’ Covid-19 test data, was mandatory for domestic travel for both Indonesian citizens and foreigners.
Similar track and trace apps is being used in other parts of Asia too.
The app is now obsolete, and Indonesia is using the PeduliLindungi app since July 2021. Responding to the report, the Health Ministry has recommended deleting eHAC and to state the offending server had now been shut down.
Breach Music
Cyber security-related breaches have been going through the roof since the onset of the COVID-19 pandemic. According to findings from Trend Micro’s Biannual Cyber Risk Index report, the risks of cyber attacks have increased in the past year and will only continue to increase in the future.
The report surveyed more than 3,600 businesses of all sizes and industries across Asia-Pacific, North America, Europe, and Latin America. In the Asia Pacific, the top five cyber threats highlighted included ransomware, watering hole attacks, advanced persistent threats, malicious insiders, and fileless attacks.
For infrastructures, malicious and negligent insiders as well as cloud computing infrastructure providers and organisational misalignment were the top cyber risks, according to the report.