Massive Data Breach Exposes Personal Information of Nearly 5 Million Indonesian Civil Servants

Personal data of 4.7 million Indonesian civil servants exposed in a massive breach. Sensitive info is now being sold online for $10,000. Protect yourself by changing passwords and monitoring accounts closely. #CyberSecurity #DataBreach #Indonesia

Massive Data Breach Exposes Personal Information of Nearly 5 Million Indonesian Civil Servants
Data Breach Exposes Personal Information of Nearly 5 Million Indonesian Civil Servants

Name: Badan Kepegawaian Negara (BKN)
Sector: Government / Civil Services
Website: bkn.go.id

Badan Kepegawaian Negara (BKN) is the Indonesian government agency responsible for managing the country's civil servants. This includes overseeing the employment records of civil servants (PNS) and government employees with work agreements (PPPK).


Breach Details

🗓️ Date of Breach Announcement: August 10, 2024
📄 Data Compromised: Personal and employment data of 4,759,218 Indonesian civil servants and government employees.
📂 Data Includes:

  • Personal Information: Full names, IDs, religion, addresses, birth dates
  • Employment Details: Work locations, job titles, grades, employment history
  • Additional Data: Email addresses, rank, education levels
    💾 File Format: CSV
    🌐 Source of Leak: Data was leaked from satudataasn.bkn.go.id, the official BKN data portal.
    👤 Threat Actor: A user known as "TopiAx" posted the data on a dark web forum.

Threat Actor Profile

🕵️ Alias: TopiAx
🔍 Forum Activity: Active since October 2023, with 223 posts and 44 threads.
⭐ Reputation: Low (2 points), suggesting limited trust or newer activity in the forum community.
💰 Motive: Likely financially motivated, as the full dataset is being sold for $10,000 (negotiable).


Impact Analysis

👥 Affected Individuals: Approximately 4.7 million civil servants and government employees across all provinces in Indonesia.
⚠️ Potential Risks:

  • Identity Theft: High risk due to the exposure of sensitive personal data.
  • Phishing Attacks: Leaked email addresses could be used in targeted phishing campaigns.
  • Reputational Damage: Significant impact on the public trust in the Indonesian government's data security.
  • 📉 Long-term Consequences: Potential for widespread misuse of the data, leading to fraud and unauthorized access to government services.
Coins by Cryptorank