Investigation Report:

Issue data breach via their website

plugin
In 11 May 2020, Faculty of Computer Science Universitas Indonesia (Fasilkom UI) received
report that indicated user data breach/data leak on the website of Fasilkom UI. The report came
from National Security Operations Center that monitoring data traffic transaction in online
forum.

Based on investigation result of Center for Cyber Security and Cryptography Fasilkom UI, as
conclusion that reported data breach was security incident occurred before in about 2015. The
cause of that data breach is a bug from one of website plugin on domain cs.ui.ac.id that
development period in 2010. 

As for data breach is data staff Fasilkom UI consist of username, fullname, and password with
hash form, not in plain text that can read easily. Fasilkom UI conceived that was
data dummy from website plugin on medio 2010, so it was not related directly to the system
access in enviroment of UI this time because of that already based on Single Sign On (SSO). 

To be known, that problem plugin and website have already handled at the time the incident was
first reported in 2015. However, Fasilkom UI keep making to overcome possible security
vulnerabilities, include update system security overall. 

University of Indonesia commit to maintain data privacy of college student and staff with any
mitigation plan in order to secure data privacy. To respond data leak incident like this and
increase of cyber security attack, UI also increase system and practice to maintain sensitive
information security system.