JAKARTA (Reuters) – Indonesia’s election commission is investigating the release of 2.3 million voters’ private information on a hacker website along with a threat to release of the data of about 200 million people, the agency said on Friday.
The electoral data from the world’s fourth most-populous nation was posted anonymously on the hacking forum RaidForums on Wednesday and analysts said it could be used for identity theft and fraud.
The General Election Commission (KPU) confirmed the authenticity of the data, such as home addresses and national identification numbers, and said it was working to determine the source. It confirmed some of the data dated back to 2013.
“The KPU has been working since last night to look into that,” Viryan Aziz, one of its commissioners, told Reuters.
He denied the leak had originated from the commission’s servers, saying the same data had been shared with political parties and presidential candidates, in line with the law.
Whoever posted the data on the forum did not identify themselves, saying only, “I got more than 200 million Indonesians’ citizenship data that I will share…soon”.
More than 192 million people were eligible to vote in national and regional elections last year.
Reuters was unable to contact the hacker or the site on which the data was released. The leak was first reported by data breach monitoring firm Under the Breach.
The release followed investigations by e-commerce platform Tokopedia into accusations that the data of 91 million users leaked online in early May.
Indonesian civil society groups said it exposed serious vulnerabilities.
“The safety of voter data is uncertain,” Titi Anggraini, director of the Association for Elections and Democracy, told Reuters. “We are not safe as citizens.”
(By Stanley Widianto and Fanny Potkin; Editing by Kate Lamb, Matthew Tostevin and Clarence Fernandez)