INDONESIANS expressed concern over the security of their personal medical data today after the president’s coronavirus vaccine certificate was leaked and a large test app also appeared compromised.

Indonesia has a weak cyber-security record, with poor online literacy and frequent leaks previously.

Joko Widodo’s vaccine certificate – which circulated online, showing his censored ID number and vaccination times – was leaked by users who found his data on official vaccine-monitoring app PeduliLindungi, the government said.

“Certain people have accessed the vaccine certificate of Joko Widodo by using a vaccine check feature available in Pedulilindungi,” an official statement said.

Jakarta-based Ageng Wibowo, 39, said the leak made him nervous and called for tougher cyber security laws.

“If a president can have his data leaked, what about me who is just a regular person?”

However, Communication and Information Ministry officials deflected blame and said Widodo’s data was accessed via the General Commission of Elections website.

Health minister Budi Gunadi Sadikin said authorities have blocked access to public officials’ data following the breach.

Officials added they were working to improve PeduliLindungi users’ data security.

The leak comes only days after researchers of encryption provider vpnMentor revealed the data of 1.3 million users of a government test-and-trace app had been compromised.

The researchers said among the information leaked were passengers’ data and Covid-19 test results.

“Data breaches happen more frequently in Indonesia because of the very high digital penetration in Indonesia which unfortunately is not followed by proper digital awareness from those who are managing the data,” said cyber-security analyst Alfons Tanujaya in Jakarta.

People also expressed their anger online, with one user tweeting: “How many more big cases do we need to show that the IT and data management in our country is a failure?”

In May, the data of more than 200 million participants of the National Health Care and Social Security Agency (BPJS Kesehatan) was allegedly leaked by hackers. – AFP, September 4, 2021.