Tokopedia, Communications Ministry Sued Over 91 Million Data Breach

The Tokopedia data breach which saw 91 million accounts compromised is now sparking a legal response. The KKI is suing the company and the government.

Late last week, we reported on the data breach of Tokopedia. In it, 91 million accounts were compromised. While Tokopedia may not be a familiar name for many western society, it is the largest e-commerce service in Indonesia. So, for those living in Indonesia, a story like this is definitely making waves in the countries tech sector.

In that light, it’s probably not a huge surprise that such a high profile data breach would get noticed by the countries legal community. The Indonesian Consumer Community (KKI) is filing a lawsuit against both Tokopedia and the Communication Ministry over the breach. The organization is saying that Tokopedia has been negligent in handling people’s personal information. From Antara News:

In line with existing laws, personal data is confidential and must be stored, maintained, and protected.

The regulation is contained in Article 1, number 22 of Law Number 24 of 2013 on Amendment to Law Number 23 of 2006 on Population Administration in conjunction with Article 1, number 20 of PP Number 71 of 2019 on Operation of Electronic Systems and Transactions in conjunction with Article 1, number 1 of PM of Communication and Information Number 20 of 2016 on Protection of Personal Data in Electronic Systems.

The state necessitates every party that obtains personal data to maintain confidentiality and protect the personal data and privacy of citizens conducting electronic transactions.

KKI Chairman David Tobing also expressed regret over Tokopedia not divulging details of the data that was stolen and mishandled by a third party.

The Communication and Informatics Ministry also faces legal action over its ineptness in supervising the implementation of the electronic system to prevent leakage of personal data.

The ministry is tasked with controlling, inspecting, tracking, and securing personal data in line with Article 35 and paragraph (1) of Government Regulation (PP) Number 71 of 2019.

It’s unclear in the article if the plaintiff in this case is seeking monetary damages in any way and, if so, how much. Still, with a breach this large, it is likely going to be a high profile high stakes situation in the country. If the country wasn’t watching this one closely before, it probably is now.

Drew Wilson on Twitter: @icecube85 and Facebook.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: