Computer System Security Breaches
(A Case Study of Unauthorized Access and Its Impact on Data Privacy)
DOI:
https://doi.org/10.55606/jutiti.v5i3.6290
Keywords:
Cybersecurity, Data Privacy, DPIA, Identity Protection, Password Spraying
Abstract
Unauthorized access incidents often occur stealthily, with password spraying attacks resulting in the misuse of legitimate credentials. This study reconstructs a real-world incident using system logs from Identity Provider/Single Sign-On (IdP/SSO), Security Information and Event Management/Endpoint Detection and Response (SIEM/EDR), and application-level sources. The attack techniques were mapped to the MITRE ATT&CK framework, focusing on T1110 (Brute Force) and T1078 (Valid Accounts). A Data Protection Impact Assessment (DPIA) was conducted based on the Indonesian Personal Data Protection Law (Law No. 27 of 2022), complemented by a gap assessment against ISO/IEC 27001 and 27002 controls. The results show that the attack’s success was driven by incomplete Multi-Factor Authentication (MFA) deployment, the continued use of legacy/basic authentication, weak adaptive rate-limiting and lockout mechanisms, and a monitoring system limited to alert-only functions. The DPIA identified exposure of thousands of personal data records with medium-to-high privacy risks, particularly concerning confidentiality breaches and identity impersonation, necessitating possible notification to authorities and affected data subjects. The study recommends enforcing MFA across all access channels, disabling legacy authentication, implementing risk-based or step-up authentication, activating automatic blocking for password spraying and impossible travel anomalies, extending DPIA coverage during control changes, and updating the Statement of Applicability to reflect modern security controls. Strengthening identity protection and adopting preventive monitoring are shown to significantly reduce privacy risks while easing compliance obligations.
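The detection the abstract recommends (password spraying, T1110, followed by use of a valid account, T1078) can be sketched over IdP sign-in events. This is an added example, not code or data from the study; the event fields, thresholds and sample log lines are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample IdP sign-in events (not from the paper):
# (timestamp, source_ip, account, result, protocol, mfa_passed)
EVENTS = [
    ("2025-01-10T02:00:05", "203.0.113.7", "andi", "fail", "basic", False),
    ("2025-01-10T02:00:41", "203.0.113.7", "budi", "fail", "basic", False),
    ("2025-01-10T02:01:17", "203.0.113.7", "citra", "fail", "basic", False),
    ("2025-01-10T02:01:52", "203.0.113.7", "dewi", "fail", "basic", False),
    ("2025-01-10T02:02:30", "203.0.113.7", "eko", "success", "basic", False),
    ("2025-01-10T02:03:00", "198.51.100.4", "andi", "fail", "modern", False),
    ("2025-01-10T02:03:20", "198.51.100.4", "andi", "success", "modern", True),
]

WINDOW = timedelta(minutes=10)   # assumed sliding window
MIN_ACCOUNTS = 4                 # assumed distinct-account threshold
MAX_FAILS_PER_ACCOUNT = 2        # spraying stays under per-account lockout


def detect_spray(events):
    """Return {source_ip: finding} for sources that look like spraying."""
    by_ip = defaultdict(list)
    for ts, ip, user, result, proto, mfa in events:
        by_ip[ip].append((datetime.fromisoformat(ts), user, result, proto, mfa))
    findings = {}
    for ip, rows in by_ip.items():
        rows.sort()
        fails = [(t, u) for t, u, r, _, _ in rows if r == "fail"]
        for start, _ in fails:
            in_win = [(t, u) for t, u in fails if start <= t < start + WINDOW]
            per_user = defaultdict(int)
            for _, u in in_win:
                per_user[u] += 1
            # Many accounts, few tries each: T1110 spraying, not one user's typos
            if (len(per_user) >= MIN_ACCOUNTS
                    and max(per_user.values()) <= MAX_FAILS_PER_ACCOUNT):
                # Successes without MFA from the same source: T1078 candidates
                hits = sorted({u for t, u, r, _, mfa in rows
                               if r == "success" and not mfa and t >= start})
                legacy = any(p == "basic" for _, _, _, p, _ in rows)
                findings[ip] = {"sprayed": sorted(per_user),
                                "compromised": hits, "legacy_auth": legacy}
                break
    return findings


if __name__ == "__main__":
    print(detect_spray(EVENTS))
```

Feeding a finding into an automatic block for the source address and a forced credential reset for the listed accounts is what moves this from alert-only monitoring to the preventive control the abstract calls for.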
License
Copyright (c) 2025 Jurnal Teknik Informatika dan Teknologi Informasi

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.




