Personal Data Breaches by Online Loans as a Form of Cyber Crime

Abstract

The rapid growth of online lending platforms in Indonesia has accelerated financial inclusion while simultaneously generating new forms of cyber crime, particularly the unlawful collection, processing, and dissemination of personal data by illegal operators.  This research analyzes personal data violations committed by online lending services as cyber crime from criminological and victimological perspectives following the enactment of Law Number 27 of 2022 concerning Personal Data Protection.  Using a normative juridical method with statutory and conceptual approaches, this study integrates cyber crime theory, digital white collar crime theory, opportunity theory, anomie theory, and critical victimology to explain structural relations between perpetrators and victims in the digital financial ecosystem.  The study finds that personal data exploitation constitutes cyber enabled financial crime characterized by asymmetry of information, technological dominance, weak enforcement mechanisms, and profit oriented motives.  Victims suffer layered victimization including financial losses, psychological harm, reputational damage, and secondary victimization.  Although the Personal Data Protection Law strengthens legal safeguards, implementation challenges remain significant due to cross border operations, institutional limitations, and low digital literacy.  The research proposes comprehensive penal and non penal strategies to enhance enforcement and victim protection.