Indonesia’s Critical e-Visa Security Flaw Exposes Thousands of Travelers
A major security flaw in Indonesia’s e-Visa system has exposed sensitive data of thousands of travelers, raising concerns over data protection as the country seeks to boost tourism post-pandemic.
Indonesia’s electronic visa system has been hit by a major security flaw, putting the confidential information of thousands of travelers at risk. The breach comes as Indonesia works to strengthen its appeal to tourists, particularly in Bali.
A bug with alarming consequences
The issue was uncovered when several Australian tourists scanning the QR code on their e-visa found they could access the personal data of other travelers. Full names, birth dates, passport numbers and even photos were exposed to strangers.
Lauren Levin, a Melbournian vacationing in Bali, was shocked to discover the details of two other Australians on her document.
"I felt like I’d been a victim of identity theft."
This malfunction appears to be far from isolated. Other travelers from diverse backgrounds report similar incidents, including one Australian who accessed the data of two Chinese tourists, while Lauren Levin’s cousin found an Indian traveler’s details on his e-visa.
Slow response from authorities
Amid widespread concern, Indonesian authorities have finally acknowledged the issue. A spokesperson for Jakarta’s Immigration Department admitted the flaw exists, stating teams are working to fix it—but their response raises concerns over complacency.
"We receive tens of thousands of visa-on-arrival applications daily (20,000, ed.). Such anomalies have happened before, but that doesn’t mean we're trivializing it."
Authorities, Indonesian Immigration Department
This unsettling response comes as Indonesia rolls out ‘smart’ e-gates at airports designed to streamline border controls. An immigration supervisor at Bali’s airport reportedly admitted the problem had existed “for some time” and was affecting “everyone.”
High stakes for Indonesia’s tourism
This data leak comes at a critical moment for Indonesia’s tourism industry. The country welcomes over a million Australians annually—a quarter of Bali’s visitors—as it seeks to revive travel following the pandemic.
The incident raises serious questions about Indonesia’s ability to safeguard travelers’ personal data at a time when cybersecurity is becoming a pivotal concern. Just months earlier, Indonesia faced a leak of 6 million tax identification credentials, which surfaced on the dark web.
Is a regulatory crackdown on the way?
Ironically, this security failure follows a sharp tightening of Indonesia’s visa policies. Penalties for breaching immigration laws have been raised dramatically, from a maximum of one year in prison to sentences of up to 20 years.
This increased severity accompanies stepped-up enforcement on the ground. In Bali, 125 additional immigration officers have been deployed, patrolling the island in 20 jeeps and 20 motorcycles. Officers have even been granted firearms, officially to protect against “dangerous transnational criminals.”
For now, authorities insist law-abiding tourists have nothing to fear. Yet in an era where identity protection is paramount, Indonesia must swiftly demonstrate robust safeguards to reassure prospective visitors.
Spécialiste de la veille réglementaire et experte en contenus destinations, elle analyse quotidiennement l’évolution des formalités d’entrée pour traduire la complexité administrative en guides pratiques. Son rôle combine expertise terrain et précision technique afin de garantir la fiabilité des informations délivrées aux voyageurs.
