National Civil Service Agency of Indonesia hit by data breach
Learn More
The National Civil Service Agency (BKN) of Indonesia has become the latest victim of a data breach, as reported by the Cyber Security Research Institute (CISSReC). The breach, disclosed just before Indonesia's 79th Independence Day, was first claimed by a hacker with handle TopiAx, on Breachforums on August 10, 2024.
TopiAx claimed to have stolen 4,759,218 rows of sensitive data from BKN, including:
- Names
- Places and dates of birth
- Academic titles
- Dates of civil servant appointments
- NIP (Civil Servant Identification Number)
- CPNS (Candidate Civil Servant) Recruitment Decree (SK) numbers
- PNS (Permanent Civil Servant) SK numbers
- Ranks and job positions
- Institutions
- Addresses
- Identity numbers
- Phone numbers
- Email addresses
- Educational backgrounds, majors, and graduation years
The nature of the attack is not disclosed.
The stolen data included both cleartext information and encrypted data. The hacker has reportedly put the entire dataset up for sale, pricing it at US$10,000 (Rp160 million).
CISSReC's chairman, Pratama Persadha, reported that the hacker shared a sample dataset containing information on 128 civil servants from various agencies. A random verification of 13 names from this sample, conducted by CISSReC via WhatsApp, confirmed the accuracy of the data, though minor errors were noted in the final digits of the NIP and NIK fields.
Despite the severity of the breach, there has been no official response from BKN, the National Cyber and Encryption Agency (BSSN), or the Ministry of Communication and Informatics as of the time of the report.
