Indonesia is investigating the alleged data breach in the COVID-19 application

JAKARTA, Aug 31 (Reuters) – Indonesia is investigating a suspected security flaw in a COVID-19 testing and tracking application that exposed personal information and the health status of 1.3 million people, it said. on Tuesday a health ministry official.

Researchers at encryption provider vpnMentor said the personal information in the Indonesia Health Alert Card (eHAC) app, often needed for travelers, was accessible “due to the lack of protocols established by the app’s developers.”

Anas Ma’ruf, a health ministry official overseeing the data, said the government was studying the possible breach, but said the possible flaw was in an earlier version of the application, which has not been used since July.

“The eHAC of the old version is different from the eHAC system that is part of the new application,” he said. “Right now, we are investigating this alleged violation.”

The eHAC system is now part of the Peduli Lindungi (Care Protect) application, which the government has promoted for various tracking purposes, including entry into shopping malls.

Anas urged people to delete the old app and said the violation could have been originated by a partner, without detailing it. He said the current eHAC system was now managed by the government and its security was “guaranteed”.

VpnMentor researchers said the flaw could expose people to phishing or hacking, as well as deter people from using a COVID-19 tracking application.

Experts say these data breaches point to Indonesia’s weak cybersecurity infrastructure. In May, authorities also launched an investigation into an alleged breach of social security data by the country’s state insurer. Read more

Report by Stanley Widianto; Edited by Ed Davies

Our standards: the principles of trust of Thomson Reuters.