An official of Indonesia’s information technology ministry resigned as the government continues an audit of its data centres in the wake of the nation’s worst cyberattack.

Semuel Abrijani Pangerapan, director-general for applications and information at the Communications and Information Technology Ministry, stepped down on Thursday, following last month’s massive hack that crippled government services from airports to scholarships. Pangerapan said he was “morally responsible”.

The attack hit more than 280 agencies - most of whom saw their data wiped out. The hacker group that claimed responsibility has since unexpectedly apologised and released a key for unlocking the stolen data, even after the government said it wouldn’t pay the US$8 million ransom demanded. The technology ministry said the key works, and that it was working on a full system recovery. It earlier said it a full recovery would take until next month, with only 2% of data salvaged and the rest considered lost.

President Joko Widodo on Wednesday ordered a cybersecurity audit and immediate backup of national data centres. The government will also require all its agencies to have multiple backup options. “The most important thing is to find a solution so that it doesn’t happen again,” said Jokowi, as the leader is known.

However, the measures have failed to appease the public and more than 23,000 signatures have been collected in a petition calling for Communications Minister Budi Arie Setiadi’s resignation. When asked whether he would remove the minister, Jokowi said “everything was being evaluated”.

The attack led to long lines at immigration services across Indonesia’s major airports. With their systems down, officials had to resort to writing down every passenger’s passport and flight details manually at the border. Thousands of state scholarship recipients’ data was lost.

A major vulnerability in this case was that fundamental data security standards weren’t followed, with no proper backups existing for the thousands of virtual machines supported by the data centre targeted in the attack, said Alfons Tanujaya, an Indonesian cybersecurity expert and leader of the local tech-focused business association Aptiknas. It is the first time that a government official had resigned over a cyberattack, he said.

“This can be considered as largest cyberattack in Indonesia’s history, from the scale of data impacted,” he said.

State-owned telecommunications firm PT Telkom Indonesia, whose subsidiary manages the data centre that was attacked, acknowledged weaknesses in the system.

Many security measures such as disaster recovery plans and various backup options weren’t fully available, said Muhamad Hidayat, an information security analyst at Jakarta-based tech services firm PT SysTech Global Informasi. The scale of the hack compromised “almost all” government data, as the centre managed data across multiple ministries, he said.

Cyberattacks are a frequent occurrence in Indonesia, with at least 113 cases of personal data leaks reported in the past two years, according to digital rights group SAFEnet. In recent weeks, hackers have leaked the personal data of hundreds of police officers and soldiers, and changed the name of the law ministry’s official YouTube account to “Tesla”.

  - Bloomberg