Indonesia is looking into a possible security flaw in its COVID-19 testing and tracing app, which could have exposed personal information of around 1.3 million people, the country’s health ministry said.
According to a Reuters report, researchers from cybersecurity network vpnMentor alerted Indonesian authorities to a vulnerability in the Health Alert Card (eHAC) app. Users’ personal information and health statuses were accessible “due to the lack of protocols put in place by the app’s developers.”
People entering Indonesia are required to use the eHAC app as part of COVID-19 safety measures. It was launched this year by the Indonesian Ministry of Health.
Anas Ma’ruf, a health ministry official in charge of data, said the security flaw was for an earlier version of the app, which has not been used since July.
“The eHAC from the old version is different from the eHAC system that is a part of the new app,” he said. “Right now, we’re investigating this suspected breach.”
According to vpnMentor, aside from compromising the users’ cybersecurity, such data breaches could undermine public trust in COVID-19 tracing apps.
In May, the Indonesian government investigated an alleged breach into BPJS Kesehatan, the government entity that runs the country’s universal health coverage programme.