Ransomware Attacks on Investors’ Personal Data and the Legal Liability of Securities Companies in Indonesia

Authors

  • Fauzan Wahyu Utomo Al Azhar University of Indonesia
  • Anis Rifai Al Azhar University of Indonesia
  • Anas Lutfi Al Azhar University of Indonesia

DOI:

https://doi.org/10.21512/becossjournal.v8i2.16136

Keywords:

legal liability, cybercrime, ransomware, personal data, securities company

Abstract

This article examines the legal liability of securities companies for ransomware attacks that result in the misuse of investors’ personal data in Indonesia. Using normative legal research with statute, conceptual, and case approaches, this study shows that the relevant legal framework is formed by the Capital Market Law, the Personal Data Protection Law, the Electronic Information and Transactions Law as amended by Law No. 1 of 2024, the Financial Sector Development and Strengthening Law, and OJK consumer protection regulations. The research gap lies in the absence of a focused analysis of securities companies’ accountability through the doctrines of duty of care, corporate negligence, and cyber liability in the capital market context. This article finds that liability may arise contractually, in tort, and administratively when a securities company fails to implement reasonable security measures, supervision, and incident response. Stronger harmonization of sectoral rules, explicit breach notification standards, and risk-based security obligations are therefore needed to protect investors more effectively.

Dimensions

Author Biographies

Fauzan Wahyu Utomo, Al Azhar University of Indonesia

Faculty of Law, Master of Laws

Anis Rifai, Al Azhar University of Indonesia

Faculty of Law, Master of Laws

Anas Lutfi, Al Azhar University of Indonesia

Faculty of Law, Master of Laws

References

Darmawan, K., & Sekar Putri, A. (2025). Legal protection for investors’ personal data against cybercrime threats in capital market based on IOSCO principles. JLPH: Journal of Law, Politic and Humanities, 5(4). https://doi.org/10.38035/jlph.v5i4

Disemadi, H. S. (2021). Urgensi regulasi khusus dan pemanfaatan artificial intelligence dalam mewujudkan perlindungan data pribadi di Indonesia. Jurnal Wawasan Yuridika, 5(2), 177. https://doi.org/10.25072/jwy.v5i2.460

Elsa, Panjaitan, H., & Kandou, H. (2023). Peran otoritas jasa keuangan terhadap perlindungan dan penanggulangan penyalahgunaan data pribadi sebagai upaya perlindungan hukum pengguna layanan fintech. Jurnal Hukum To-Ra: Hukum Untuk Mengatur Dan Melindungi Masyarakat, 9(1). https://doi.org/https://ejournal.fhuki.id/index.php/tora/article/view/535

Manurung, E. A. P. (2023). The right to privacy based on the law of the Republic of Indonesia Number 27 of 2022. Journal of Digital Law and Policy, 2(3). https://doi.org/10.2991/iciir18.2019.32

Mayasari, H. (2023). A examination on personal data protection in metaverse technology in Indonesia: A human rights perspective. Journal of Law, Environmental and Justice, 1(1), 64–85. https://doi.org/10.62264/jlej.v1i1.4

Rachmat, U. M., Riyanto, S., & Fh, A. (2024). Optimalisasi perlindungan konsumen dalam melakukan komplain atas produk barang cacat melalui self regulation pada transaksi pembelian secara online PT.Bukalapak. Jurnal Hukum Jurisdictie, 6(1), 68–83. https://doi.org/10.34005/jhj.v6i1.166

Rosadi, S. D., & Pratama, G. G. (2018). Perlindungan privasi dan data pribadi dalam era ekonomi digital di Indonesia. Jurnal: Veritas et Justitia, 4(1), 88–110. https://doi.org/10.25123/vej.2916

Rosadi, S. D., & Tahira, Z. (2018). Consumer protection id digital economy era: Law in Indonesia. Jurnal Yustisia, 7(1), 85–97. https://doi.org/https://doi.org/10.20961/yustisia.v7i1.20144

Rosadi, S. D., Yuniarti, S., & Fauzi, R. (2022). Protection of data privacy in the era of artificial intelligence in the financial sector of Indonesia. Journal of Central Banking Law and Institutions, 1(2), 353–366. https://doi.org/10.21098/jcli.v1i2.18

Shalihah, F., & Mohd Shariff, R. N. (2022). Identifying barriers to data protection and investor privacy in equity crowdfunding: Experiences from Indonesia and Malaysia. UUM Journal of Legal Studies, 13(2), 215–242. https://doi.org/10.32890/uumjls2022.13.2.9

Silviani, N. Z., Shahrullah, R. S., Atmaja, V. R., & Hyun, P. J. (2023). Personal data protection in private sector electronic systems for businesses: Indonesia vs. South Korea. Jurnal Hukum Dan Peradilan, 12(3), 517. https://doi.org/10.25216/jhp.12.3.2023.517-546

Sulistianingsih, D., Ihwan, M., Setiawan, A., & Shidqon Prabowo, M. (2023). Tata kelola perlindungan data pribadi di era metaverse (telaah yuridis Undang-Undang Perlindungan Data Pribadi). Jurnal Masalah-Masalah Hukum, 52(1), 97–106.

Syaputra, M., Irhamsah, I., & Ridwan, R. (2024). Konsekuensi hukum dan tanggung jawab notaris terhadap akta yang mengandung unsur penyalahgunaan keadaan. SENTRI: Jurnal Riset Ilmiah, 3(4), 1901–1910. https://doi.org/10.55681/sentri.v3i4.2564

Wibowo, A., Alawiyah, W., & Azriadi. (2024). The importance of personal data protection in Indonesia’s economic development. Cogent Social Sciences, 10(1). https://doi.org/10.1080/23311886.2024.2306751

Widiatedja, I. G. N. P., & Mishra, N. (2023). Establishing an independent data protection authority in Indonesia: a future–forward perspective. International Review of Law, Computers & Technology, 37(3), 252–273. https://doi.org/10.1080/13600869.2022.2155793

Yusliwidaka, A., Muhammad Ardhi Razaq Abqa, & Khansadhia Afifah Wardana. (2024). A discourse of personal data protection: How Indonesia responsible under domestic and international law? Pandecta Research Law Journal, 19(2), 453–482. https://doi.org/10.15294/pandecta.v19i2.13279

Yuspin, W., Wardiono, K., Nurrahman, A., & Budiono, A. (2023). Personal data protection law in digital banking governance in Indonesia. Studia Iuridica Lublinensia, 32(1), 99130. https://doi.org/10.17951/sil.2023.32.1.99-130

Undang-Undang Nomor 8 Tahun 1995 tentang Pasar Modal. https://peraturan.bpk.go.id/Details/46197/uu-no-8-tahun-1995

Undang-Undang Nomor 27 Tahun 2022 tentang Pelindungan Data Pribadi. https://peraturan.bpk.go.id/Details/229798/uu-no-27-tahun-2022

Undang-Undang Nomor 1 Tahun 2024 tentang Perubahan Kedua atas Undang-Undang Nomor 11 Tahun 2008 tentang Informasi dan Transaksi Elektronik. https://peraturan.bpk.go.id/Details/274494/uu-no-1-tahun-2024

Undang-Undang Nomor 4 Tahun 2023 tentang Pengembangan dan Penguatan Sektor Keuangan. https://peraturan.bpk.go.id/Details/240203/uu-no-4-tahun-2023

Peraturan Otoritas Jasa Keuangan Nomor 22/POJK.07/2023 tentang Pelindungan Konsumen dan Masyarakat di Sektor Jasa Keuangan. https://www.ojk.go.id/id/regulasi/Documents/Pages/Pelindungan-Konsumen-danMasyarakat-di-Sektor-JasaKeuangan/POJK%2022%20Tahun%202023%20Pelindungan%20Konsumen%20dan% 20Masyarakat%20di%20Sektor%20Jasa%20Keuangan.pdf

Downloads

Published

2026-07-12

How to Cite

Utomo, F. W., Rifai, A., & Lutfi, A. (2026). Ransomware Attacks on Investors’ Personal Data and the Legal Liability of Securities Companies in Indonesia. Business Economic, Communication, and Social Sciences Journal (BECOSS), 8(2), 143–153. https://doi.org/10.21512/becossjournal.v8i2.16136
Abstract 23  .
PDF downloaded 5  .