Why Did Officials' NPWP Data Leak? Exposing Weaknesses in Indonesia's Data Protection Technology

  Editorial INTI     1 bulan yang lalu
9eb04a077c1dce0681ac4c54ffb412805068d2ed98d0fb34ba8ac47572182c00.jpg

Jakarta, INTI - The leakage of Nomor Pokok Wajib Pajak (NPWP) data, including the personal data of several government officials, has caused a stir across various sectors. This incident raises a fundamental question: how could data that should be tightly secured leak to the public? More than just a privacy violation, this case uncovers fundamental weaknesses in Indonesia's data protection technology. What really happened, and how did these vulnerabilities arise?

How Vulnerable Is Data in Indonesia?

NPWP data is highly sensitive because it can be used for various purposes, including fraud and identity theft. However, this leak is not the first to occur in Indonesia. In 2021, the data of BPJS Kesehatan users was leaked, affecting over 200 million personal records that were sold on the dark web.

The same weaknesses appear to be repeating themselves. Most systems in Indonesia are still dependent on outdated cybersecurity technology that cannot withstand modern threats. This begs the question: what is fundamentally wrong with the country's cybersecurity infrastructure?

Data Protection Technology: Where Are the Weaknesses?

Indonesia’s data protection system faces several critical weaknesses, including:

  1. Weak Encryption: Many systems still use basic encryption that can be easily bypassed by hackers. In numerous data breaches, hackers have managed to penetrate systems and access sensitive information because the layers of protection in place were insufficiently robust.
  2. Lack of Real-Time Monitoring: Many government and corporate cybersecurity systems in Indonesia do not operate in real-time. This means that when an attack occurs, it is often too late to identify and stop it.
  3. Absence of Multi-Factor Authentication (MFA): Many institutions in Indonesia still fail to adopt MFA as a standard security measure. MFA adds extra layers of protection, making unauthorized access to sensitive data significantly more difficult for hackers.
  4. Reliance on Legacy Systems: Numerous government agencies and private companies in Indonesia still depend on legacy systems that were not designed to combat modern cyberattacks. These systems are difficult to update and have many vulnerabilities that can be exploited by hackers.

The Human Factor: The Biggest Weakness

Beyond outdated technology, human error also represents a major source of vulnerability in Indonesia’s data security system. Many data breaches occur due to mistakes, whether intentional or not. For instance, untrained employees often become the entry point for phishing or malware attacks.

There are numerous cases where employees have inadvertently clicked on malicious links in emails, granting hackers access to critical systems. The lack of training and awareness about cyber threats is a significant issue that urgently needs to be addressed.

Cyberattack Statistics in Indonesia

Cyberattacks in Indonesia have increased significantly in recent years. Data from the National Cyber and Crypto Agency (BSSN) show that in 2021, over 1.6 billion cyber threats were detected in Indonesia. This is a sharp rise compared to previous years, with around 1.2 billion threats recorded in 2020. These statistics indicate that Indonesia is a prime target for cyberattacks, yet the current cybersecurity infrastructure seems incapable of addressing these threats.

Steps to Improve Data Security in Indonesia

To prevent another incident like the NPWP data breach, several important measures must be taken, both in terms of technology and regulation:

  1. Updating Security Technology: Using stronger encryption and implementing AI-based security systems for early threat detection is essential.
  2. Implementing Multi-Factor Authentication (MFA): Adding extra layers of verification will make it much harder for hackers to gain access to sensitive data.
  3. Cybersecurity Education for Employees: Intensive training on cyber threats should be a priority, particularly for employees handling sensitive data.
  4. Enforcing Strict Regulations: The passage and implementation of the long-awaited Personal Data Protection Bill (RUU PDP) must be expedited to ensure a strong legal framework for protecting citizens’ data.

The NPWP data breach is a harsh reminder that Indonesia must swiftly improve its data protection technology and regulations. Weaknesses in technology, combined with a lack of awareness about cyber threats, have led to data leaks that harm many. If urgent steps are not taken, similar breaches will likely continue, threatening the privacy and security of all Indonesians.

Ad

Ad