Data Leakage Incident at KreditPlus Raises Concerns About Personal Data Protection

Data leakage is once again making headlines, this time affecting the fintech company KreditPlus in Jakarta. Nearly 896 personal data of KreditPlus users were reportedly leaked and traded on hacker forums, raising concerns about cybersecurity in the digital age.

The leaked data includes sensitive information such as names, KTP numbers, email addresses, passwords, addresses, cellphone numbers, job details, and family data of guarantors. The discovery was made by cybersecurity activist Teguh Aprianto, who shared the findings on Twitter.

KreditPlus, a multi-use financing service for vehicles and heavy equipment, is owned by PT Finansia Multi Finance and has been operating since 1994 under the supervision of the Financial Services Authority (OJK). The leaked data was reportedly shared on hacker forums since July 16, highlighting the urgency of data protection laws in Indonesia.

Cybersecurity observer Pratama Husada emphasized the need for the Personal Data Protection Act to hold electronic service providers accountable for securing public data. Without proper regulations, sensitive information can be easily accessed and misused for fraudulent activities.

In Europe, regulations like the General Data Protection Regulation (GDPR) ensure that data collected is encrypted and protected from unauthorized access. Pratama urged the Indonesian government to expedite the discussion of the Personal Data Protection Bill to prevent future data breaches and safeguard individuals’ privacy.

To enhance cybersecurity measures, technology providers are advised to encrypt all data, conduct penetration tests, and offer bug bounties for identifying security vulnerabilities. Additionally, individuals are encouraged to strengthen their online security by using strong passwords, enabling two-factor authentication, and avoiding suspicious links.

The recurring incidents of data theft underscore the importance of educating and enforcing stricter cybersecurity measures in Indonesia. Kominfo and BSSN are urged to collaborate with PSTEs to enhance data protection and attract investors by ensuring a secure digital environment.

As the digital landscape evolves, protecting personal data is crucial for both individuals and businesses. By implementing robust cybersecurity practices and advocating for stronger data protection laws, Indonesia can mitigate the risks of data breaches and safeguard sensitive information in the digital age.