Australian News Today

Some Australians travelling to Bali are accidentally having their passport details exposed to strangers

Some Australians travelling to Bali are accidentally having their passport details exposed to strangers

The passport details of some Australians travelling to Bali are being inadvertently exposed to strangers due to a glitch in Indonesia’s electronic visa system.

The ABC can reveal Indonesia’s immigration authority has been aware of the problem for some time, but it remains unfixed.

Three Australians who had recently separately travelled to Bali had similar experiences, with the sensitive details of strangers appearing on their phones when they scanned a QR code on the visa document.

Passport information of other travellers is being exposed when scanning visa QR codes. (ABC News: Melanie Vujkovic)

Melbourne-based Lauren Levin said she was stunned when the full names, dates of birth, passport numbers, photos and other details of several travellers appeared.

“I could see the visa data of two other Australians, and presumably they could see my private data too,” she said.

“We seem to have been allocated the same document number.”

Three girls walk along a white sandy beach on a sunny day.

More than a million Australians visit Indonesia each year. (ABC News: Mitch Woolnough)

The ABC has also seen screenshots from Ms Levin’s cousin’s e-visa document for a separate trip two months ago, which displayed the personal details of a man travelling to Bali from India.

Another Australian traveller to Bali could see the details of two travellers from China on his document, including their passport photos.

“When I spoke to an immigration supervisor at the airport [in Bali], he said this had been going on for a while and ‘everyone was impacted, not just me’,” said Ms Levin.

“With the risk of identity theft, I’m worried that my data and that of other Australians has been compromised.”

A woman wearing a blue long sleeve shirt surfs a wave on her surfboard.

Australians make up a quarter of tourists in Bali. (ABC News: Mitch Woolnough)

A spokesman from Indonesia’s Immigration department in Jakarta told the ABC that staff are in the process of fixing anomalies in the system.

“We are aware of this problem, but we have tens of thousands of visa-on-arrival applications every day,” he said.

“Some anomalies like this have happened before, but it doesn’t mean we are normalising it, we continue to learn from problems to improve the system,” the spokesman said.

The Australian Embassy in Jakarta was alerted to a possible data breach involving Australians applying for Indonesian e-visas in late September, and has been in contact with Indonesia’s Directorate General for Immigration about it.

The Smartraveller travel advisory for Indonesia remains unchanged. 

Recent string of data breaches

It is difficult to determine how many visitors to Indonesia are affected because not every visa applicant experiences the problem.

However, more than one million Australians visit Indonesia each year and make up more than a quarter of tourists in Bali.

A Sydney family of three currently visiting Bali said their visa documents all showed normal information when they scanned the QR code.

The privacy breach comes just months after Indonesia implemented smart e-gates at airports across the country, designed to streamline the customs process.

A man holding a suitcase and a passport next to a QR code

On social media, Bali immigration officials say the E-VOA/E-VISA makes going through the airport “a breeze!”  (Instagram: @imngurahrai)

Data breaches have recently been in the headlines in Indonesia, after the country’s Directorate General of Taxes last month investigated the theft of six million taxpayer IDs, which were reportedly being sold on the dark web.

A cyber security expert from Prasetiya Mulya University in Jakarta, Alfons Tanujaya, said this latest data glitch was part of a pattern.

“Indonesia has been experiencing repeated data leaks, and no matter what recommendations and solutions experts offer, it’s in vain,” he said.

“If immigration is aware of the glitch already, they should first halt the use of the system and fix the problem,” he said.

“They need to be more professional.”

In August, Indonesia’s civil service agency urged staff to reset passwords after the details of 4.7 million people were offered for sale on a hacked data forum.

And in June, a ransomware attack on a temporary national database facility affected 280 government institutions across the country.

A pool.

Indonesia’s Immigration department said it’s aware of the data glitch and is fixing it. (Foreign Correspondent: Mitchell Woolnough)