The Entire Electorate of Indonesia May Have Been Exposed

Last updated September 25, 2021
Written by:
Bill Toulas
Bill Toulas
Infosec Writer

According to a Reuters report, the Indonesian Election Commission is currently investigating a potential data breach that may have resulted in the exposure of the country’s entire electorate. A hacker who claims to be responsible for the data breach has already released a data sample containing information about 2.3 million voters, and the same person claims to have another 200 million records in his/her possession. Indonesia is the fourth most crowded country in the world, having 268 million people, so this breach could be one of the biggest ones in history.

The country’s general election commission (KPU) has confirmed that the sample of the data is valid, so they fear that the hacker may indeed possess what he/she threatens to release soon. The person is leaking this data on a dark web forum, and it is possible that Under the Breach tipped KPU since they discovered it first. The whole situation hasn’t progressed to a full-blown exposure yet, and hopefully, KPU will be able to negotiate with the hacker before the entire country is exposed online. The information included in the records involves full names, home addresses, national identification numbers, and other sensitive data.

A spokesperson for the KPU told Reuters that the leak hasn’t originated from the commission’s servers, as the same dataset has been previously shared with presidential candidates and also political parties in Indonesia. That sharing was lawful, but the unfortunate leak on the dark web isn’t, of course. The safety of the voters’ data has been breached, and this has a fundamentally adverse effect on the trust people have towards the national authorities. Also, Indonesia had a general election back in April 2019, so most records are relatively recent.

We have seen such incidents occur in other countries like the United States and Israel, and it’s never happening for the betterment of society. When exposed, voters fear for their privacy and safety and may even abstain from voting in the future. In the recent case of Indonesia, having people’s names, home addresses, and national IDs is pretty catastrophic in any way you see it. Even if KPU isn’t directly liable for the data breach, the authority should ensure that the receivers of the government-sent data would handle it with the appropriate responsibility.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: