Indonesia probes alleged data leak in COVID-19 test, tracing app

VpnMentor said data of around 1.3 million users have been exposed.

Indonesia is investigating the alleged data leak from its testing and tracing application, the electronic Health Alert Card (eHAC), a health official said.

Anas Ma’ruf, director of the Health Ministry Data and Information Centre, said Tuesday that the suspected leak of information from the data was in the earlier version of the application which has not been in use since July, according to a Reuters report.

He urged the public to delete the old application, noting that the alleged breach may have stemmed from a partner. He said that the new current EHAC system is now managed by the government and guaranteed its safety.

VpnMentor on Monday reported that it found a data breach in the eHAC program wherein the developers failed to implement adequate data privacy protocols which left exposed the data of over 1.3 million people on an open server.

The application is used by travellers entering Indonesia from overseas, both its citizens and foreigners, and is required for domestic flights.

Types of data exposed include travel information, medical records, COVID-19 status, and Personal Identifiable Information data.

VpnMentor said the alleged leak of users’ data may be used in a wide range of attacks and scams and may pose several risks in the country’s efforts to contain the spread of the virus. Hackers may also use data on individual hospitals and their staff and use them to target hospitals in phishing, fraud, and viral attacks.