Perlindungan Data Pribadi dan Keamanan Siber di Sektor Perbankan: Studi Kritis atas Penerapan UU PDP dan UU ITE di Indonesia

Ilman Maulana Kholis

doi:10.14421/t5sfe747

Authors

Ilman Maulana Kholis UIN Sunan Kalijaga Yogyakarta

DOI:

https://doi.org/10.14421/t5sfe747

Keywords:

ransomware, perlindungan data pribadi, keamanan siber , UU PDP, UU ITE , sektor perbankan

Abstract

The rapid development of information technology has had a significant impact on the banking sector, while simultaneously increasing the risk of cyberattacks, particularly ransomware. This study aims to analyze the legal implications of the 2023 ransomware attack on Bank Syariah Indonesia (BSI), focusing on personal data protection and the effectiveness of existing regulations, namely the Personal Data Protection Law (PDP Law) and the Electronic Information and Transactions Law (ITE Law). Using a normative juridical approach and qualitative descriptive analysis, the study finds that although national regulations comprehensively cover personal data protection, their implementation in the BSI case faces several challenges, including delayed incident reporting and low institutional readiness against cyber threats. A comparison with the European Union’s General Data Protection Regulation (GDPR) reveals gaps in regulatory oversight, institutional capacity, and cross-sector collaboration in Indonesia. This study recommends strengthening regulatory enforcement, improving data security literacy, establishing an independent supervisory body, and enhancing inter-agency cooperation to build a more resilient data protection ecosystem in the national banking sector.

Abstrak

Pesatnya perkembangan teknologi informasi telah membawa dampak signifikan terhadap sektor perbankan, sekaligus meningkatkan risiko serangan siber, khususnya ransomware. Penelitian ini bertujuan untuk menganalisis implikasi hukum dari kasus serangan ransomware terhadap Bank Syariah Indonesia (BSI) pada tahun 2023, dengan fokus pada perlindungan data pribadi dan efektivitas regulasi yang berlaku, yaitu UU Perlindungan Data Pribadi (UU PDP) dan UU Informasi dan Transaksi Elektronik (UU ITE). Menggunakan pendekatan yuridis-normatif dan analisis deskriptif kualitatif, penelitian ini menemukan bahwa meskipun regulasi nasional telah mengatur secara komprehensif mengenai perlindungan data pribadi, penerapannya dalam kasus BSI masih menemui berbagai hambatan, termasuk keterlambatan pelaporan insiden dan rendahnya kesiapan institusi perbankan terhadap ancaman siber. Perbandingan dengan standar GDPR Uni Eropa menunjukkan bahwa Indonesia masih memiliki gap dalam pengawasan, kapasitas kelembagaan, dan kolaborasi lintas sektor. Penelitian ini merekomendasikan penguatan penegakan regulasi, peningkatan literasi keamanan data, pembentukan lembaga pengawas independen, serta peningkatan kerja sama antar lembaga untuk menciptakan ekosistem perlindungan data yang lebih tangguh di sektor perbankan nasional

References

(IEO), Indonesia Economic Outlook. “Kepincangan Digital: Ancaman Serius Di Balik Kesuksesan Sektor Keuangan Indonesia.” IEO, 2024. https://ieofebui.com/ieorealizemoneter.

Agus Kurniati. “Study of the Artificial Intelligence Role in Achieving Cybersecurity for Critical Information Infrastructure.” Monas: Jurnal Inovasi Aparatur 6, no. 2 (December 31, 2024): 154–65. https://doi.org/10.54849/monas.v6i2.251.

Ali Alwashali, Ali Ahmed Mohammed, Nor Azlina Abd Rahman, and Noris Ismail. “A Survey of Ransomware as a Service (RaaS) and Methods to Mitigate the Attack.” In Proceedings - International Conference on Developments in ESystems Engineering, DeSE, 2021-December:92–96, 2021. https://doi.org/10.1109/DESE54285.2021.9719456.

Andrian, Andrian. “Bank Responsibility on Customer’s Data Fraud in Indonesia.” International Journal of Social Science and Human Research 06, no. 05 (May 25, 2023). https://doi.org/10.47191/ijsshr/v6-i5-63.

Arofah, Nida Rafa, and Yeni Priatnasari. “Internet Banking Dan Cyber Crime : Sebuah Studi Kasus Di Perbankan Nasional.” Jurnal Pendidikan Akuntansi Indonesia 18, no. 2 (2020): 107–19. https://doi.org/10.21831/jpai.v18i2.35872.

Artanti Zahra Adisa, and Andriyanto Adhi Nugroho. “Perlindungan Hukum Terhadap Korban Phising Terkait Pengiriman File Apk.” Justisi 10, no. 1 (2024): 242–56. https://doi.org/10.33506/js.v10i1.2980.

Aulia Alayna Suvil, Firdaus Firdaus, M. Arif Ramadhan, Wanda Darma Putra, and Dwi Putri Lestarika. “Implementasi Perlindungan Data Pribadi Berdasarkan Undang-Undang Nomor 11 Tahun 2020.” JURNAL HUKUM, POLITIK DAN ILMU SOSIAL 3, no. 4 (August 28, 2024): 70–80. https://doi.org/10.55606/jhpis.v3i4.4235.

CNN. “Ransomware Lockbit 3.0 Klaim Lumpuhkan BSI Dan Curi Data Pengguna.” CNN Indonesia. Accessed May 20, 2025. https://www.cnnindonesia.com/teknologi/20230513093401-185-949046/ransomware-lockbit-30-klaim-lumpuhkan-bsi-dan-curi-data-pengguna.

Dhanya, Defara. “Daftar Serangan Ransomware Ke Lembaga Keuangan Indonesia: BI, BSI Dan Terbaru BRI.” Tempo.co, 2024. https://www.tempo.co/sains/daftar-serangan-ransomware-ke-lembaga-keuangan-indonesia-bi-bsi-dan-terbaru-bri-1183490.

Drąg, Paweł, and Mateusz Szymura. “Technical and Legal Aspects of Database’S Security in the Light of Implementation of General Data Protection Regulation.” CBU International Conference Proceedings 6 (2018): 1056–61. https://doi.org/10.12955/cbup.v6.1294.

Grossman, Taylor, and Trevaughn Smith. “2023 RTF Global Ransomware Incident Map: Attacks Increase by 73%, Big Game Hunting Appears to Surge.” IST, 2024. https://securityandtechnology.org/blog/2023-rtf-global-ransomware-incident-map.

Hijriani, Hijriani, Muh. Nadzirin Anshari Nur, Adnan Ali, Azis Ali, and Winner A. Siregar. “Literasi Digital Perlindungan Hukum Terhadap Data Pribadi Nasabah Pengguna Electronic Wallet.” Sultra Research of Law 5, no. 2 (2023): 85–95. https://doi.org/10.54297/surel.v5i2.59.

Kshetri, Naresh, Mir Mehedi Rahman, Sayed Abu Sayeed, and Irin Sultana. “CryptoRAN: A Review on Cryptojacking and Ransomware Attacks W.R.T. Banking Industry - Threats, Challenges, & Problems.” In Proceedings - 2nd International Conference on Advancement in Computation and Computer Technologies, InCACCT 2024, 523–28, 2024. https://doi.org/10.1109/InCACCT61598.2024.10550970.

Laras, Arlina. “Begini Serangan Ransomware BSI Tahun Lalu, Mirip Dengan Penyebab PDN Down?” Bisnis.com, 2024. https://finansial.bisnis.com/read/20240627/90/1777564/begini-serangan-ransomware-bsi-tahun-lalu-mirip-dengan-penyebab-pdn-down?

Lestari, Hesti Puji. “Kronologi BSI Diserang Ransomware Oleh Hacker Lockbit 3.0, Diduga Beraksi Sejak Libur Lebaran 2023.” Bisnis.com, 2023. https://finansial.bisnis.com/read/20230514/90/1655733/kronologi-bsi-diserang-ransomware-oleh-hacker-lockbit-30-diduga-beraksi-sejak-libur-lebaran-2023.

Luthfah, Diny. “Penguatan Keamanan Siber Pada Sektor Jasa Keuangan Indonesia.” Jurnal Penelitian Dan Karya Ilmiah Lembaga Penelitian Universitas Trisakti, 2023, 259–67. https://doi.org/10.25105/pdk.v9i1.18643.

Luthfi, Rosihan. “Perlindungan Data Pribadi Sebagai Perwujudan Perlindungan Hak Asasi Manusia.” Jurnal Sosial Teknologi 2, no. 5 (2022): 431–36. https://doi.org/10.36418/jurnalsostech.v2i5.336.

Maulana, Lutfi, and Nadia Fitriana. “Analisis Dampak Insiden BSI Eror Dan Dugaan Hacking Bank Syariah Indonesia (BSI) Terhadap Kepercayaan Dan Loyalitas Nasabah Bank Syariah Indonesia Di Kabupaten Subang.” Rayah Al-Islam 7, no. 3 (2023). https://doi.org/https://doi.org/10.37274/rais.v7i3.899.

Muin, F. “Hukum Islam Dan Teknologi: Adaptasi Hukum Islam Dengan Perkembangan Teknologi.” IDRIS: InDonesian Journal of Islamic Studies 1, no. 1 (2023): 97–113. http://yambus-lpksa.com/index.php/IDRIS/article/view/22.

Nandavita, Alva Yenica. “Analisis Pengaruh Kepercayaan Nasabah Terhadap Risiko Menggunakan Layanan E-Banking.” AKSES: Jurnal Ekonomi Dan Bisnis 17, no. 2 (2022). https://doi.org/10.31942/akses.v17i2.7463.

Nurmalasari, Nurmalasari. “Urgensi Pengesahan Rancangan Undang-Undang Perlindungan Data Pribadi Demi Mewujudkan Kepastian Hukum.” Syntax Idea 3, no. 8 (2021): 1947–66. https://doi.org/10.46799/syntax-idea.v3i8.1414.

Nurul Monika Larasati, and Rayyan Firdaus. “Analisis Bahaya Serangan Ransomeware Terhadap Layanan Perbankan.” Merkurius : Jurnal Riset Sistem Informasi Dan Teknik Informatika 2, no. 4 (2024): 102–9. https://doi.org/10.61132/merkurius.v2i4.151.

Oropeza Mendoza, Doris Karina. “The Vulnerability of Cyberspace - The Cyber Crime.” Journal of Forensic Sciences & Criminal Investigation 2, no. 1 (2017). https://doi.org/10.19080/jfsci.2017.02.555576.

Perhimpunan Bank Nasional, PERBANAS. “Rawan Serangan Siber, Sektor Perbankan Perbesar Capex Untuk Investasi IT.” PERBANAS, 2023.

Pratama, Galih. “Perbankan RI Sasaran Empuk Serangan Siber, Ini Faktanya.” Infobanknews, 2023. https://infobanknews.com/perbankan-ri-sasaran-empuk-serangan-siber-ini-faktanya/#google_vignette.

Rahmawati, Irma Nurrizki, Nova Rahmadani, Diyah Rosita Heni, and Sandro Kevin. “Pertanggungjawaban Pihak Bank Terhadap Kebocoran Data Diri Nasabah.” Aufklarung: Jurnal Pendidikan, Sosial Dan Humaniora 3, no. 2 (2023): 208–15. http://pijarpemikiran.com/index.php/Aufklarung.

Ramadhan, Agus. “15 Juta Data Nasabah BSI Dicuri LockBit, Pakar Siber Minta Perbankan Lainnya Lakukan Mitigasi.” Tribunnews, 2023. https://aceh.tribunnews.com/2023/05/13/15-juta-data-nasabah-bsi-dicuri-lockbit-pakar-siber-minta-perbankan-lainnya-lakukan-mitigasi?page=all#goog_rewarded.

Razi, Fachrul, Hadi Tuasikal, and Dwi Pratiwi Markus. “Implementation and Challenges of the Personal Data Protection Law in Indonesia.” Jurnal Indonesia Sosial Teknologi 5, no. 12 (December 30, 2024): 6015–21. https://doi.org/10.59141/jist.v5i12.1285.

Respati, Agustinus Rangga, and Yoga Sukmana. “Perjalanan Kasus BSI, Dari Gangguan Layanan Sampai ‘Hacker’ Minta Tebusan.” Kompas.com, 2023. https://money.kompas.com/read/2023/05/17/072027926/perjalanan-kasus-bsi-dari-gangguan-layanan-sampai-hacker-minta-tebusan?page=all.

Shafira, Irnasya. “Menganalisis Strategi Keamanan Siber Nasional Indonesia.” Center for Digital Society, 2021. https://cfds.fisipol.ugm.ac.id/id/2021/07/28/menganalisis-strategi-keamanan-siber-nasional-indonesia/.

Solak, Duygu, and Murat Topaloglu. “The Perception Analysis of Cyber Crimes in View of Computer Science Students.” Procedia - Social and Behavioral Sciences 182 (2015): 590–95. https://doi.org/10.1016/j.sbspro.2015.04.787.

Sudarmadi, Damar Apri, and Arthur Josias Simon Runturambi. “Strategi Badan Siber Dan Sandi Negara (BSSN) Dalam Menghadapi Ancaman Siber Di Indonesia.” Jurnal Kajian Stratejik Ketahanan Nasional 2, no. 2 (2019): 157–78. http://jurnalpkn.ui.ac.id/index.php/jkskn/article/view/28.

Surfshark. “Global Data Breach Statistics,” 2025. https://surfshark.com/research/data-breach-monitoring?country=id.

Syahril, Muh. Akbar Fhad, and Ardiyanti Aris. “Strategies and Dynamics of Online Fraud in Indonesia: Tracing the Effectiveness of the Implementation of the Electronic and Transaction Information Act.” Journal of Law Justice (JLJ) 2, no. 3 (November 18, 2024): 198–205. https://doi.org/10.33506/jlj.v2i3.3711.

Syalendro, Oky, Arief Fahmi Lubis, and R Yusak Andri Ende Putra. “Cyber Crime Crimes in Indonesian Law and Efforts to Prevent and Handle Cyber Crime Cases.” AURELIA: Jurnal Penelitian Dan Pengabdian Masyarakat Indonesia 4, no. 1 (December 30, 2024): 335–47. https://doi.org/10.57235/aurelia.v4i1.3708.

Wijanarko, Rendi Panca, Moch Rezeki Setiawan, Siti Mukaromah, and Abdul Rezha Efrat Najaf. “Analisis Dan Simulasi Serangan Ransomware Terhadap Database Bank Syariah Indonesia.” In Prosiding Seminar Nasional Teknologi Dan Sistem Informasi, 3:106–15, 2023. https://doi.org/10.33005/sitasi.v3i1.436.

Yunanda, Rochania Ayu, and Silvia Dewiyanti. “Digital Governance Strategies for Enhancing Sustainable Banking Ecosystem in Indonesia.” In 2024 12th International Conference on Cyber and IT Service Management, CITSM 2024, 2024. https://doi.org/10.1109/CITSM64103.2024.10775351.

Yusep Ginanjar. “Strategi Indonesia Membentuk Cyber Security Dalam Menghadapi Ancaman Cyber Crime Melalui Badan Siber Dan Sandi Negara.” Jurnal Dinamika Global Vol.7 No. 2 (2022): 295–316.

Zuwanda, Zulkham Sadat, Loso Judijanto, Hendri Khuan, and Andri Triyantoro. “Normative Study of Law No. 27 of 2022 on the Protection of Personal Data and Its Impact on the Fintech Industry in Indonesia.” West Science Law and Human Rights 2, no. 04 (October 25, 2024): 421–28. https://doi.org/10.58812/wslhr.v2i04.1367.

Perlindungan Data Pribadi dan Keamanan Siber di Sektor Perbankan: Studi Kritis atas Penerapan UU PDP dan UU ITE di Indonesia

Authors

DOI:

Keywords:

Abstract

References

Downloads

Published

Issue

Section

License

All publications by Staatsrecht: Jurnal Kenegaraan dan Politik Islam are licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

menu

template

tools

visitors