In a major cybersecurity incident just before Indonesia’s 79th Independence Day, the National Civil Service Agency (BKN) has suffered a significant data breach. The breach was confirmed by the Cyber Security Research Institute (CISSReC) on August 11, 2024, following a disclosure by an anonymous hacker known as TopiAx. The hacker posted the stolen data on Breachforums, revealing that over 4.7 million records were compromised. This data includes highly sensitive personal information such as names, dates of birth, civil servant identification numbers, academic titles, and job-related details.
The hacker has reportedly put the entire dataset up for sale at a price of $10,000 (Rp160 million). A sample of the stolen data, which includes information on 128 civil servants from various agencies in Aceh, was verified by CISSReC. Although the data was largely accurate, there were minor discrepancies noted in some fields. This breach underscores the vulnerability of governmental data systems and raises concerns about the protection of sensitive information within public institutions.
As of August 12, 2024, there has been no official response from BKN or other relevant authorities such as the National Cyber and Encryption Agency (BSSN) and the Ministry of Communication and Informatics. The incident brings into focus the importance of robust cybersecurity measures, particularly in light of the sensitive nature of the compromised data. The lack of immediate action or acknowledgment from these agencies has been a point of concern among cybersecurity experts and the public.
The breach is also notable as it comes after BKN’s memorandum of understanding (MoU) with BSSN, signed in October 2022, expired in October 2023. The MoU was intended to enhance the security of civil servant data and electronic transactions. It remains unclear if BKN has renewed this agreement, which could have provided additional safeguards against such breaches. The incident highlights the urgent need for renewed and strengthened data protection measures within government institutions to prevent future security lapses.
Reference: