A leak online of the president’s Covid-19 vaccine certificate has heightened concern in Indonesia about information security, coming in the same week as a data breach affecting 1.3 million users of a government contact-tracing application
President Joko Widodo’s vaccine records were accessed using the app, PeduliLindungi, and shared widely on social media, raising questions among experts about the government’s commitment to data security.
Digital analyst Ismail Fahmi said the leak showed how easy it was to view or potentially use another individual’s vaccination certificate, even that of a head of state.
“If there was protection, there would be an investigation into why this problem persists, why personal records can be easily mined,” he said.
“But there is no such protection.”
Health Minister Budi Gunadi Sadikin on Friday said officials’ records could no longer be accessed.
Some social media users expressed dismay over flaws in the application, which was last month made mandatory.
“I trust the government’s apps less and less after this,” said a Twitter user under the handle @delrellove.
Another user, Denny Siregar, who has more than a million followers, said: “Our data protection is very low. Even the president’s got leaked.”
The application includes private biodata and displays vaccination dates and types administered. Its use is required for air travel and entering malls.
Fadjroel Rachman, a presidential spokesman, said his office regretted the breach.
“We hope that relevant authorities can conduct certain procedures to prevent similar incidents from happening, including the protection of the people’s data,” he said.
A data protection bill was submitted to parliament last year but has yet to be passed.
The government on Tuesday said it was investigating a problem in an earlier version of the app that exposed data of about 1.3 million people.
It came a few months after an alleged breach of social security data by a state insurer.
“The problem is still the same, there is no grand strategy to protect citizen data,” said Damar Juniarto of digital advocacy group SAFEnet.
“With good privacy standards and design, there should be limits on being able to check other people’s data, let alone the president’s.”