•  
  •  
 

Abstract

This study analyses the Indonesian public’s response to government data breaches and advocates for an expanded defintion of nonformal reactions to crime in the digital context. It argues that existing criminological frameworks, particularly Mustofa’s (2021) model—which views nonformal reactions as active and confrontational behaviours such as demonstrations or vigilantism—should also acknowledge inaction, apathy, and emotional disengagement as valid public reactions. This paper employs a conceptual-qualitative approach, combining an interdisciplinary literature review, interpretive policy analysis of the Personal Data Protection Law, and triangulation with digital behaviour data to develop its analysis. This paper reframes apathy as a significant criminological indicator of institutional breakdown and democratic erosion, rather than a mere absence of action. By incorporating passive reactions into the notion of nonformal reactions to crime, this research enhances the analytical framework for Indonesian criminology in the context of cybercrime victimisation. Recognising inaction as a form of reaction is crucial for assessing civic trust, ensuring state accountability, and advancing a secure digital culture. The study advocates for an evolution of criminological theory to maintain its relevance in the changing landscape of harm within a hyper-connected society.

References

Acquisti, A., Friedman, A., & Telang, R. (2006). Is there a cost to privacy breaches? An event study. AIS Electronic Library (AISeL). https://aisel.aisnet.org/icis2006/94/

Arafat, M. R., & Oktaviani, H. D. (2022). Criminal Threats in The Personal Data Protection Bill in Indonesia. Megafury Apriandhini, SH, MH Chair of 4th OSC, 43.

Arafat, M. R., & Oktaviani, H. D. (2022). Criminal Threats in The Personal Data Protection Bill in Indonesia. Megafury Apriandhini, SH, MH Chair of 4th OSC, 43.

Armando, M. A. C., & Soeskandi, H. (2023). Pertanggungjawaban Pidana Bagi Para Pelaku Doxing Menurut UU ITE dan UU PDP. Bureaucracy Journal: Indonesia Journal of Law and Social-Political Governance, 3(1), 559-568.

Ayaburi, E. W. (2023). Understanding online information disclosure: examination of data breach victimization experience effect. Information Technology & People, 36(1), 95-114.

Barnett-Page, E. and Thomas, J. (2009). Methods for the synthesis of qualitative research: a critical review. BMC Medical Research Methodology, 9(1). https://doi.org/10.1186/1471-2288-9-59

Burns, J.. (2017). Breach of faith: lack of policy for responding to data breaches and what the government should do about it. Florida Law Review, 69(3), 959-988.

Chang, L. Y. C. and Coppel, N. (2020). Building cyber security awareness in a developing country: lessons from myanmar. Computers &Amp; Security, 97, 101959. https://doi.org/10.1016/j.cose.2020.101959

Chatterjee, S., Gao, X., Sarkar, S., & Uzmanoglu, C. (2019). Reacting to the scope of a data breach: The differential role of fear and anger. Journal of Business Research, 101, 183-193.

Citron, D. K. and Solove, D. J. (2021). Privacy harms. SSRN Electronic Journal. https://doi.org/10.2139/ssrn.3782222

CNN Indonesia. (2022, September 14). Kronologi 4 akun media sosial Bjorka tumbang.https://www.cnnindonesia.com/teknologi/20220914090714-192-847540/kronologi-4-akun-media-sosial-bjorka-tumbang

Dolev, N., & Ireni-Saban, L. (2025). Mitigation of Learned Helplessness for Enhanced Bureaucratic Organizational Responsiveness in Public Administrations. Administrative Sciences, 15(3), 101. https://doi.org/10.3390/admsci15030101

Drapkin, I., Viano, E., International Society of Criminology., & Universiṭah ha-ʻIvrit bi-Yerushalayim. (1974). Victimology: a new focus vol. 2: Society’s Reaction to Victimization

Enns, P. (2014). The public's increasing punitiveness and its influence on mass incarceration in the united states. American Journal of Political Science, 58(4), 857-872. https://doi.org/10.1111/ajps.12098

Ericson, R. V., & Haggerty, K. D. (2018). Policing the Risk Society. University of Toronto Press. https://doi.org/10.3138/9781442678590

Farrington, D. P., & Gunn, J. C. (1985). Reactions to crime : the public, the police, courts, and prisons. Wiley.

Fischer, F., D. Torgerson, A. Durnová, and M. Orsini, Eds. 2015. Handbook of Critical Policy Studies. Cheltenham: Edward Elgar Publishing

Flew, T. (2021). The Global Trust Deficit Disorder: A Communications Perspective on Trust in the time of Global Pandemics. Journal of Communication, 71(2), 163–186. https://doi.org/10.1093/joc/jqab006

Garland, D. (2001). The culture of control: Crime and social order in contemporary society (Vol. 77). Oxford university press.

Hopkins, D., Manager, D. L., & Mooney, L. (2019). Caring about the notifiable data breach: The human impact on victims. Governance Directions, 71(8), 433-438.

Jackson, J. (2004). Experience and expression: social and cultural significance in the fear of crime. The British Journal of Criminology, 44(6), 946-966. https://doi.org/10.1093/bjc/azh048

Jennings, W., Farrall, S., Gray, E., & Hay, C. (2016). Penal populism and the public thermostat: crime, public punitiveness, and public policy. Governance, 30(3), 463-481. https://doi.org/10.1111/gove.12214

Juned, M., Martin, A., Pratama, N. (2024). Bjorka’s Hacktivism in Indonesia: The Intercourse Paradox of Cyberdemocracy, Cyberactivism, and Cybersecurity. Academic Journal of Interdisciplinary Studies, 13(5), 369-380 DOI: https://doi.org/10.36941/ajis-2024-0171

Kiltidou, D. (2015). Privacy as a right. In IGI Global eBooks (pp. 1–14). https://doi.org/10.4018/978-1-4666-8153-8.ch001

Kitchin, R. (2024). CRITICAL DATA STUDIES: An a to Z Guide to Concepts and Methods. John Wiley & Sons.

Labrecque, L. I., Markos, E., Swani, K., & Peña, P. (2021). When data security goes wrong: Examining the impact of stress, social contract violation, and data type on consumer coping responses following a data breach. Journal of Business Research, 135, 559-571.

Leese M (2022) Privacy, Data Protection, and Security Studies. In González Fuster G, van Brakel R & de Hert P (eds.) Research Handbook on Privacy and Data Protection Law: Values, Norms and Global Politics. Cheltenham: Edward Elgar Publishing, 213-227.

Llewellyn, A. (2022, September 15). Bjorka: The online hacker trying to take down the Indonesian government. Retrieved from https://thediplomat.com/2022/09/bjorka-the-online-hacker-trying-to-take-down-the-indonesian-government/

Llewellyn, A. (2022, September 15). Bjorka: The online hacker trying to take down the Indonesian government. Retrieved from https://thediplomat.com/2022/09/bjorka-the-online-hacker-trying-to-take-down-the-indonesian-government/

Lorenc, T., Petticrew, M., Whitehead, M., Neary, D., Clayton, S., Wright, K., … & Renton, A. (2014). Crime, fear of crime and mental health: synthesis of theory and systematic reviews of interventions and qualitative evidence. Public Health Research, 2(2), 1-398. https://doi.org/10.3310/phr02020

Madan, S., Savani, K., & Katsikeas, C. S. (2023). Privacy please: Power distance and people's responses to data breaches across countries. Journal of international business studies, 54(4), 731–754. https://doi.org/10.1057/s41267-022-00519-5

Manea, R. E., Piraino, P., & Viarengo, M. (2023). Crime, inequality and subsidized housing: evidence from south africa. World Development, 168, 106243. https://doi.org/10.1016/j.worlddev.2023.106243

Mansfield-Devine, S. (2015). The Ashley Madison affair. Network Security, 2015(9), 8–16. https://doi.org/10.1016/s1353-4858(15)30080-5

Markos, E., Peña, P., Labrecque, L. I., & Swani, K. (2023). Are data breaches the new norm? exploring data breach trends, consumer sentiment, and responses to security invasions. Journal of Consumer Affairs, 57(3), 1089-1119. https://doi.org/10.1111/joca.12554

Masuch, K., Greve, M., & Trang, S. (2021). What to do after a data breach? Examining apology and compensation as response strategies for health service providers. Electronic Markets, 31, 829-848.

Masuch, K., Greve, M., Trang, S., & Kolbe, L. M. (2022). Apologize or justify? Examining the impact of data breach response actions on stock value of affected companies?. Computers & Security, 112, 102502.

Mayer, P., Zou, Y., Lowens, B. M., Dyer, H. A., Le, K., Schaub, F., & Aviv, A. J. (2023). Awareness, Intention,(In) Action: Individuals’ Reactions to Data Breaches. ACM Transactions on Computer-Human Interaction, 30(5), 1-53. https://doi.org/10.1145/3589958

Mayer, P., Zou, Y., Schaub, F., & Aviv, A. J. (2021). " Now I'm a bit {angry:}" Individuals' Awareness, Perception, and Responses to Data Breaches that Affected Them. In 30th USENIX Security Symposium (USENIX Security 21) (pp. 393-410).

Mills, J. L., & Harclerode, Kelsey. (2017). Privacy, mass intrusion, and the modern data breach. Florida Law Review, 69(3), 771-830.

Mustofa, M. (2021). Kriminologi: Kajian sosiologi terhadap kriminalitas, perilaku menyimpang, dan pelanggaran hukum. Prenada Media.

Mwim, E.N., Mtsweni, J. (2022). Systematic Review of Factors that Influence the Cybersecurity Culture. In: Clarke, N., Furnell, S. (eds) Human Aspects of Information Security and Assurance. HAISA 2022. IFIP Advances in Information and Communication Technology, vol 658. Springer, Cham. https://doi.org/10.1007/978-3-031-12172-2_12

Nadarajah, H., Iskandar, A., Lee, S., San, S.T.,. (2024, September 30). Indonesian government under fire after cyber breaches. Asia Pacific Foundation of Canada.https://www.asiapacific.ca/publication/indonesian-government-under-fire-after-cyber-breaches

Novak, A. N., & Vilceanu, M. O. (2019). “The internet is not pleased”: twitter and the 2017 Equifax data breach. The Communication Review, 22(3), 196-221.

Nugroho, Y. (2022, September 14). Indonesia’s Bjorka embarrassment exposed its devastatingly weak cybersecurity.https://www.scmp.com/week-asia/opinion/article/3194399/indonesias-bjorka-embarrassment-exposed-its-devastatingly-weak

Paramita, N.P. (2022, September). Bersitegang dengan Kominfo: Begini kronologi munculnya Bjorka hingga akun Twitternya lenyap.https://www.ayojakarta.com/news/pr-764679197/bersitegang-dengan-kominfo-begini-kronologi-munculnya-bjorka-hingga-akun-twitternya-lenyap

Rediko, A.E. (2022, September). Aksi hacker Bjorka vs pemerintah Indonesia: Bak drama thriller, ini kronologi lengkapnya.https://www.pikiran-rakyat.com/nasional/pr-015501230/aksi-hacker-bjorka-vs-pemerintah-indonesia-bak-drama-thriller-ini-kronologi-lengkapnya?page=all

Renaldi, E., Salim, N, (2024, July 4). Indonesian national data centre hacker apologises.https://www.abc.net.au/news/2024-07-04/indonesian-national-data-centre-hacker-apologise/104052668

Richardson, V. J., Smith, R. E., & Watson, M. W. (2019). Much ado about nothing: The (lack of) economic impact of data privacy breaches. Journal of Information Systems, 33(3), 227-265. DOI: 10.2308/isys-52379

Rizqiyanto, N., Rohman, A. F., & Raya, F. A. H. M. (2024). Politik Hukum Pembentukan Undang-Undang Nomor 27 Tahun 2022 Tentang Pelindungan Data Pribadi. Media Hukum Indonesia (MHI), 2(2), 1-14.

Rizqiyanto, N., Rohman, A. F., & Raya, F. A. H. M. (2024). Politik Hukum Pembentukan Undang-Undang Nomor 27 Tahun 2022 Tentang Pelindungan Data Pribadi. Media Hukum Indonesia (MHI), 2(2), 1-14.

Sale, J. E. M., & Carlin, L. (2025). The reliance on conceptual frameworks in qualitative research – a way forward. BMC Medical Research Methodology, 25(1). https://doi.org/10.1186/s12874-025-02461-0

Sangari, S., Dallal, E., & Whitman, M. (2022). Modeling Under-Reporting in cyber incidents. Risks, 10(11), 200. https://doi.org/10.3390/risks10110200

Schaefer, L. and Mazerolle, L. (2017). Putting process into routine activity theory: variations in the control of crime opportunities. Security Journal, 30(1), 266-289. https://doi.org/10.1057/sj.2015.39

Schaefer, L., & Mazerolle, L. (2017). Predicting perceptions of crime: Community residents’ recognition and classification of local crime problems. Australian & New Zealand Journal of Criminology, 51(2), 183–203. https://doi.org/10.1177/0004865817721590

Solove, D. J. (2002). Conceptualizing privacy. California Law Review, 90(4), 1087-1156.

Solove, D. J. and Citron, D. K. (2016). Risk and anxiety: a theory of data breach harms. SSRN Electronic Journal. https://doi.org/10.2139/ssrn.2885638

Valecha, R., Bachura, E., Chen, R., & Raghav Rao, H. (2017). An exploration of public reaction to the OPM data breach notifications. In Internetworked World: 15th Workshop on e-Business, WeB 2016, Dublin, Ireland, December 10, 2016, Revised Selected Papers 15 (pp. 185-191). Springer International Publishing.

Walsh, D., Parisi, J. M., & Passerini, K. (2015). Privacy as a right or as a commodity in the online world: the limits of regulatory reform and self-regulation. Electronic Commerce Research, 17(2), 185–203. https://doi.org/10.1007/s10660-015-9187-2

Zou, Y., Danino, S., Sun, K., & Schaub, F. (2019, May). You ‘Might' Be Affected: An Empirical Analysis of Readability and Usability Issues in Data Breach Notifications. In Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems (pp. 1-14).

Zou, Y., Mhaidli, A. H., McCall, A., & Schaub, F. (2018). " I've Got Nothing to Lose": Consumers' Risk Perceptions and Protective Actions after the Equifax Data Breach. In Fourteenth Symposium on Usable Privacy and Security (SOUPS 2018) (pp. 197-216).

Download

Share

COinS
 
 

To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.