Indonesians expressed concerns over the security of their personal medical data on September 4 after the president’s coronavirus vaccine certificate was leaked and a large test app also appeared compromised.

Indonesia has a weak cyber security record, with poor online literacy and frequent leaks previously.

Joko “Jokowi” Widodo’s vaccine certificate – which circulated online, showing his censored ID number and vaccination times – was leaked by users who found his data on official vaccine-monitoring app PeduliLindungi, the government said.

“Certain people have accessed the vaccine certificate of Mr Joko Widodo by using a vaccine check feature available in Pedulilindungi,” an official statement said on September 3.

Jakarta-based Ageng Wibowo, 39, said the leak made him nervous and called for tougher cybersecurity laws.

“If a president can have his data leaked what about me who is just a regular person?”

However, Ministry of Communication and Information Technology officials deflected blame and said Jokowi’s data was accessed via the General Commission of Elections website.

Health minister Budi Gunadi Sadikin said authorities have blocked access to public officials’ data following the breach.

Officials added that they were working to improve PeduliLindungi users’ data security.

The leak comes only days after researchers of encryption provider vpnMentor revealed the data of 1.3 million users of a government test-and-trace app had been compromised.

The researchers said among the information leaked were passengers’ data and Covid-19 test results.

“Data breaches happen more frequently in Indonesia because of the very high digital penetration in Indonesia which unfortunately is not followed by proper digital awareness from those who are managing the data,” said cybersecurity analyst Alfons Tanujaya in Jakarta.

People also expressed their anger online, with one user tweeting: “How many more big cases do we need to show that the IT [information technology] and data management in our country is a failure?”

In May, the data of more than 200 million participants of the National Health Care and Social Security Agency (BPJS Kesehatan) was allegedly leaked by hackers.