A senior leader at Indonesia’s communication ministry has resigned after a cyberattack crippled essential government services across the nation, amid intensifying demands for other top officials to be held accountable as the nation grapples with cyber threats.

Semuel Abrijani Pangerapan resigned as director general of applications and information at Indonesia’s communication ministry on Thursday, saying he was “morally responsible” for the June 20 breach that paralysed public services, including the airports’ immigration system, for several days.

“I apologise for all the mistakes made and anything I said that caused upset. This incident is technically my responsibility and I should have resolved it,” said Semuel, who had served in the position for eight years.

His resignation comes as calls mount for Communications Minister Budi Arie Setiadi to also step down. An online petition demanding Budi’s resignation has garnered over 25,000 signatures, citing his lack of accountability in addressing the recurring cyberattacks.

President Joko Widodo told reporters on Wednesday that a full audit of the incident was taking place and the focus was on ensuring the protection of all sensitive data across government agencies.

When asked if Budi would be removed from his position, Widodo said the government was still “evaluating everything”.

“Above all else, we need to find solutions so the cyberattack won’t happen again and [to ensure] that all of our national data is backed up,” he said.

The cyberattack – reportedly committed by a hacker group called the LockBit Gang using a form of ransomware – affected more than 280 government agencies, with most of them experiencing complete data loss.

The hacker group had demanded ransom of US$8 million, but has since issued an apology and provided a decryption key to unlock the stolen data, even after the government refused to pay the ransom.

The communication ministry on Thursday verified that the decryption key was functional and is working to restore systems.

The ministry expects a full recovery next month, with only 2 per cent of the data salvaged so far.

Beltsazar Krisetya, a researcher at Jakarta’s Centre for Strategic and International Studies who focuses on cybersecurity issues, said it was only a matter of time before a cyberattack of this scale targeted Indonesia.

“The regulatory, institutional, and technical aspects of Indonesia’s data protections are in limbo,” he said, adding that current security gaps meant data breaches and ransomware attacks are “to be expected”.

The hack has paralysed Indonesia’s immigration system, resulting in long queues at airport immigration desks as officers manually check passengers’ passports.

Other systems, including the electronic procurement registry and online applications for scholarships and tuition aid, were also affected.

Cyberattacks are prevalent in Indonesia and authorities are often accused of downplaying such incidents instead of being transparent about the extent of the problem and the risks to citizens’ personal data.

Digital rights group Southeast Asia Freedom of Expression Network (SAFEnet) – which started the petition seeking Budi’s resignation – said there had been at least 113 cases of personal data leaks reported in Indonesia over the past two years.

On social media, Indonesians continued to demand greater accountability from Budi and the communications and information ministry.

“The minister should also resign. In fact, the director general should have resigned earlier,” said political analyst Yanuar Nugroho on social media platform X.

Krisetya from CSIS said Indonesia’s incoming government should select the next communications and information minister based on merit instead of treating it as a political appointment.

“The position demands a breadth of knowledge of telecommunication, media ecosystem, content moderation, internet access, and other elements of ICT [information and communications technology] that fall under its purview.

“Having a minister with an ICT background that can bridge technical-level questions with policy is essential.”