Jakarta, Gizmology – Hacker Bjorka is back in action this time allegedly leaking 44 million MyPertamina application data containing names, electronic mail (email), population identification numbers (NIK), identity card (KTP) numbers, and taxpayer identification numbers (NPWP). The data was even sold for US$ 25,000 or Rp 392 million.
Cybersecurity expert Pratama Persadha revealed the data claimed by Bjorka, totaling 44.237.264 lines with a total size of 30 gigabytes when uncompressed. Checking a random sample of data shows valid identity matches.
“In addition, checking NIK through the Dataku application is also suitable. This means that the sample data provided by Bjorka is valid data,” said Chairman of the Indonesian Cyber Research Institute CISSReC in his statement, Friday (11/11/2022).
Until now, Pratama said, the source of the data is still unclear. However, only Pertamina itself can answer whether this data is genuine or not. This is because Pertamina who created this application also owns and stores this data.
According to Pratama, the best way is to conduct a digital forensic audit and investigation to ascertain where the data leak came from. He considered it necessary to check the information system of the MyPertamina application in advance.
“If a security hole is found, it means that hacking and data theft are likely to occur. With a thorough check and digital forensics, if there are absolutely no security holes and digital traces of hacking, it is possible that this data leak occurred due to an insider or this data was leaked by an insider,” He explained.
Also Read: Bjorka is back in action now leaking 44 million MyPertamina user data
MyPertamina App Data Leak
Moreover, if this is really MyPertamina data, according to him, Article 46 of Law Number 27 of 2022 concerning Personal Data Protection (UU PDP) paragraphs (1) and (2) applies. The article states that in the event of a failure to protect personal data, the personal data controller must submit a written notification, no later than 3 x 24 hours.
Where Pertamina as the owner of the MyPertamina application must submit information to the subject of personal data and the Personal Data Protection Implementing Agency (LPPDP). Pratama explained that the notice must at least contain the personal data disclosed, when and how the personal data was disclosed, as well as the handling and recovery efforts for the disclosure by the personal data controller.
Related to this, PT Pertamina (Persero) opened its voice. PT Pertamina Patra Niaga Corporate Secretary Irto Ginting said that his company is conducting an investigation related to the security of its application users’ data. Unfortunately, Irto still cannot explain in more detail the cause or the truth of how much data was leaked.
“We are conducting a joint investigation to ensure the security of data and information related to MyPertamina,” said Irto Ginting in a short message.
