Cross-Border Data Security: Analysis of High-Profile Violations and Mitigation Strategies
DOI:
https://doi.org/10.21609/jsi.v21i2.1515

Keywords:
Cross-border data security, data breaches, CIA Triad, encryption, API protection, cybersecurity policy

Abstract
The increase in cross-border data transfers has resulted in a surge in data breaches across various jurisdictions. This study examines the pattern of data breaches in notable incidents, including Facebook (2019), SolarWinds (2020), Tokopedia (2020), and LinkedIn (2021). It uses a qualitative case study methodology to assess prominent vulnerabilities in data security systems and to identify recurring patterns based on the CIA Triad (Confidentiality, Integrity, Availability) theoretical framework. The findings show that the main weaknesses in data breaches are inadequate encryption, weak software supply chain security, and inadequate API protection. Based on these findings, the paper recommends mitigation techniques that include improving encryption, integrating blockchain into the software supply chain, strengthening API authentication, and using artificial intelligence (AI) to identify cyber threats. It also contributes to improving the understanding of regulations such as GDPR, PIPL (China), and PDP laws (Indonesia) in mitigating the dangers of global data breaches.
License
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).




