Analysis of e-Hac Data Leakage Cases based on Big Data Social Media Platforms

by Wida Reza Hardiyanti

Alumnus of the Faculty of Economics and Business Gadjah Mada University. Currently employed as a business consultant in the international development program to eradicate poverty of smallholder farmers in the Eastern Indonesia. Former researcher in independent research firm in Yogyakarta named Forbil Institute and Definit.


One of the flight requirements during the pandemic is the registration of prospective passengers in the e-Hac application. This requirement has positive and negative impacts on transportation sector services in Indonesia. The positive impact is that it creates a sense of security and comfort for passengers because only passengers who board have received vaccinations and are negative for COVID. The negative effect is a strict passenger selection so that people who have not been vaccinated cannot fly. Another negative impact is that the platform that accommodates the health data is not yet equipped with a qualified security system, so that it is vulnerable to being hacked by hackers. The collection of health data and information through this digital space is a new challenge due to gaps in the system. Chapter II article 3 paragraph (1) letter b of the PDP Bill states that health information and data is one of the specific personal data that is a priority to be protected in the PDP Bill (Personal Data Protection). Cases of leakage of personal data in various platforms have repeatedly occurred in Indonesia. Therefore, data security is a very crucial factor in protecting the personal data of platform users. One of the attitudes that should raise is awareness for health data owners, data users, the ministry of health, and data managers, namely cloud platform owners (IT experts). In addition, it is necessary to improve the governance and management of personal data protection, one of which is the presence of a Data Protection Officer (DPO) who is in charge of maintaining data security in each institution.

The data entered in the e-Hac application includes the city of origin, destination city, destination address (can be filled in the hotel or accommodation address), as well as transportation details (airplane) along with the name of the airline, flight number, seat number, date and time of departure and arrival, and vaccination certificate. E-Hac (electronic-Health Alert Card) or Electronic Health Alert Card is intended for everyone who travels domestically and internationally during the COVID-19 pandemic. The goal is to minimize the risk of transmission of COVID-19 by travellers.

This paper will analyze how people react to the alleged leak of 1.3 million user health data in the e-Hac application through social media platforms. The data used is secondary data sourced from Drone Emprit, a dashboard data aggregator from Twitter and big data monitoring that the public can access openly. 3,388 Twitter users are discussing the e-Hac data leak. Even though there was a decrease in the total mention topic of e-Hac leaks, many users still discussed this from 31 August-7 September. When analyzed from the emotional condition of people discussing e-Hac, it is known that the dominant emotion is trust, and the second dominant emotion is shock, and the third is anger. From this, it can conclude that the alleged leak of health data managed by the Ministry of Health does not cause the public to lose confidence in institutions that manage personal data. The theft of personal data belonging to government institutions is not the first time this has occurred (Drone Emprit, 2021). During the 2020-2021 period, several data leaks were aggregated by government institutions, for example, the data leak of BPJS (Social Security Management Agency), KPK (Corruption Eradication Commission), and e-Hac. Unfortunately, enforcement of data leakage cases in Indonesia is still very minimal, which has led to more cases of personal data theft.

However, although the dominant emotion is trust, there is a shift in the perceived emotional trend. From what was initially dominated by the trust since August 31-September 2, then turned into anger from September 3-5. This shows that people's trust in the government's ability as the owner and manager of their personal data is slowly eroding over time. The reason for this is that the e-HAC personal data leak shows that the management of citizens' personal data is still managed carelessly by the government and has not paid much attention to the security aspect.

The discussion about the leakage of health data belonging to e-Hac application users in Indonesia seems to be the subject of debate for social media users who are domiciled in Indonesia and users in Malaysia, China, and Thailand. Sentiment to the current news is dominated by positive sentiment, meaning that it is dominated by positive comments that are like of the topic, constructive, informative, or suggestive. This is also marked by the popular hashtag used by Twitter users regarding the e-Hac data leak, which is a cheerful, optimistic, and constructive hashtag, namely #PeduliLindungiNotBocor. On the other hand, there are not many negative sentiments in the form of dislike, satire, criticism, and a contra attitude towards data management by the government. One example of positive sentiment is a tweet from a user which reads, "Menkominfo Ensure e-HAC in Care Protect Application is Still Safe". Another example of positive sentiment is "This alleged incident of personal data leakage does not affect data security in the e-HAC application which is integrated with the PeduliLindung application, where data storage has been carried out at the National Data Center (PDN)".

While another example of negative sentiment, for example, a netizen's tweet, is "Wow, this is getting more and more worrying if a partner can have a complete copy of the data. How come? The new e-HAC at PeduliLindung guarantees that no partner can have a complete copy of the data? The data is so rich that there must be much interest." Another example of negative sentiment is, "Can you not make a safe application, create a security system like a bank that may minimize data leakage? How come this is prone to be hacked like yesterday's e-HAC case, and there is no accountability either."

sts whether accounts discussing a particular topic on social media are fake accounts, accounts run by robots (bots), or real human accounts. Scores of 4 and 5 indicate that the account is a bot account. Based on botometer analysis, most Twitter accounts talking about data leaks were real accounts, no fake accounts or bots. However,  still found several bot accounts discussing the topic of the data leak.

Based on the above, it can conclude that public trust in their personal data entered into government-run applications is still relatively high. However, there has been a decline in the trend of public trust from time to time along with data leaks that occur in a row. This means that it is essential for the government to rebuild its image and credibility in the public's eyes. The main thing that must do is create a data security system that is not easily broken into. Furthermore, the draft bill of general data protection regulation must pass as soon as possible to create certainty of law enforcement regarding data protection. Data is the new gold, so it's no wonder that data is now one of the most valuable commodities often traded on the black market. Therefore, cooperation from various parties is needed to increase the awareness of owners, users, and data managers to maintain data security. The appointment of a Data Protection Officer in each data management agency is very urgent to prevent the recurrence of the same incident in the future. Let's protect the nation, starting with protecting our personal data.


Drone Emprit Open Access Data. 2021. Kebocoran Data E-Hac [E-Hac Data Leakage]. Retrieved from


Kominfo. 2020. RUU PDP [Draft Bill of General Data Protection Regulation]. Retrieved from

Diterbitkan oleh The goal is to increase the awareness of pada 20/09/2021