The database from PT Bank Pembangunan Daerah Jawa Timur (Bank Jatim) Tbk is suspected of being leaked. The leaked data is also sold on Raid Forums and has customer data in it.
The data is sold at a price of US $ 250 thousand or Rp 3.5 billion. It is said that the data was sold by the username bl4ckt0r, according to the perpetrators there was 378GB of data containing 259 databases.
This includes sensitive data including customer data, employee data, personal financial data and others, said Cybersecurity Expert from the Cissrec Research Institute, Pratama Persadha.
Pratama said it was necessary to carry out digital forensics to find out the security holes used to break into the database.
“Of course this is a serious concern for the government. Digital forensics needs to be carried out to find out which security holes are used to break through, whether from the SQL (Structured Query Language) side so that SQL Injection is exposed or if there are other security holes,” said Pratama, in a statement quoted on Friday ( 22/10/2021).
CNBC Indonesia has also tried to contact Corsec Bank Jatim, Muhammad Fahmi. However, there has been no response to comment in this regard.
The alleged leak of Bank Jatim data was not long after the KPAI data was also leaked. The data was uploaded on Raid Forums with the user name C77 dated October 13, 2021.
The upload is named Leaked Database KPAI (kpai.go.id). Some of the uploaded data are name, identity number, citizenship, telephone number, religion, occupation, education, and gender. There are also two database links offered, namely kpai_pengaduan_csv and kpai_pengaduan2_csv.
The chairman of the Indonesian Child Protection Commission (KPAI), Susanto, admitted that the KPAI database had been stolen. It has also done a number of things to follow up on this.
“Following up on this, on October 18, 2021, KPAI has submitted a report to the Directorate of Cyber Crimes, Bareskrim Polri, and on October 19, 2021, KPAI has submitted a letter to the National Cyber and Crypto Agency. Furthermore, on October 21, 2021, KPAI has also send a letter to the Minister of Communication and Information to follow up on the matter,” he said in a written statement.