JAKARTA: As immigration clearance, passport application and other government services in Indonesia are restored after a national data breach, experts warn that the country’s reputation will take a huge hit if such incidents keep happening.

Frustrated passengers at airports and ferry terminals across the 17,000-island archipelago have had to bear with hours-long queues since June 20 as officers took down their details using pen and paper.

Reports in the media and on social media over the weekend said services appeared to be returning gradually.

On June 24, state news agency Antara quoted Indonesian Communications Minister Budi Arie Setiadi as saying that a hacker compromised the country’s national data centre and asked for a US$8 million (S$10.8 million) ransom.

“Government officials are doing their best to get the system back, but in terms of communication during a crisis, there is a need to be more transparent,” said Muhammad Habib Abiyan Dzakwan from Indonesian think-tank Centre for Strategic and International Studies (CSIS).

Habib added that given the public nature of the situation, more information should have been released to raise public awareness on the necessity for stringent cyber-security measures.

Director-general of immigration Silmy Karim had said earlier on June 24 that the issue was unlikely to be a technical glitch and could have been a cyber attack.

“Generally, technical problems can be resolved within one to three hours. When it takes more than six hours, we conclude that there must be an attack that is more than just a technical problem, for example, a problem caused by a cyber attack,” said Silmy.

Other government processes, such as passport application and renewal, are expected to return to normal on June 24.

Silmy said in an Instagram post at about 6pm on June 20 that there was a “temporary disruption” to Indonesia’s National Data Centre (PDN) server.

The server, which is managed by the Ministry of Communication and Informatics, carries a database of information that government services use to function.

On June 23, the ministry said that recovery efforts were being carried out, but there were not many updates on the nature of the PDN incident or whether any data had been compromised.

The lack of information sent the rumour mill into overdrive, with some people alleging that the incident was a ransomware attack linked to a hacker group responsible for previous attacks.

Instagram page @ecommurz, which posts tech-related news in Indonesia, said that the PDN outage could be the work of individuals linked to ransomware group LockBit. Mr Budi confirmed on June 24 that the group was indeed involved.

The group is notorious in Indonesia for being responsible for a massive data breach in May 2023 reportedly involving the personal particulars of more than 15 million customers and staff of Bank Syariah Indonesia (BSI), the country’s largest Islamic bank.

For the latest case, experts bemoaned the lack of information and updates on the state of public services.

Beltsazar Krisetya, another expert at CSIS, said that if services had been restored, that news must have been circulated only among ministries and other officials.

“Transparency of information is not the default, and hardly any assurance has been given to the public. We did not know when the problem might end,” added the principal researcher at CSIS’ Safer Internet Lab.

Observers told The Straits Times that the PDN incident is just the latest in a long string of data security breaches that have hit Indonesia.

The BSI breach is one of three major data incidents that occurred in 2023.

In July that year, notorious hacker Bjorka allegedly leaked the data of 35 million Indonesian passport holders. Bjorka was also responsible for a leak in 2022 involving some 3.2 billion data entries linked to users of Indonesia’s official Covid-19 contact-tracing app.

Another hacker, Jimbo, was said to have accessed the General Elections Commission’s database in November 2023 and put up voters’ personal data for sale on black market forums.

“Indonesia risks reputational damage when these data incidents keep happening. There is a minimal degree of transparency, and only a small segment (of society) is involved. What we need is a whole-of-society approach to cyber security,” said Beltsazar.

This should include not just government representatives and agencies, but also other stakeholders such as technical experts and community groups, he added.

There is concern that the breach might scare off foreign investors, especially those in the lucrative tech industry, from parking their money in Indonesia if the country cannot adequately protect data.

Big names in the tech space, including Apple chief executive Tim Cook, Microsoft chief Satya Nadella and Tesla founder Elon Musk, have visited Indonesia in recent months.

The latest incident may increase doubt in the government’s ability to be good stewards of data, Habib pointed out.

“Companies might consider twice if they do not think their data will be protected. They might doubt Indonesia’s ability to take care of private information, which is a big concern for them,” he said. - The Straits Times/ANN