Recently, it was reported that hackers stole $18 million from the Indonesian exchange Indodax, and now another cyberattack has occurred. A hacker appeared on the Breach forum with an interesting offer. He is selling over 6 million Indonesian taxpayer identification numbers (NPWP), including the number of the country's president, Jokowi.
The data is priced at $10,000. The database not only includes taxpayer identification numbers but also Indonesian KTP numbers (a type of national ID), addresses, mobile phone numbers, emails, and other personal information. In his post, the cybercriminal boasted about high-ranking officials whose information is included in the leaked database, and he didn’t mince words.
The information was provided by the founder of Ethical Hacker Indonesia, Teguh Aprianto. In addition to the president's number, the database contains the personal information of several important government officials, including Jokowi's two children—Vice President-elect Gibran Rakabuming Raka and his younger son Kaesang Pangarep—as well as the Minister of Communication and Information, the Minister of Finance, the Minister of State-Owned Enterprises, and the Minister of Trade.
Aprianto explained that the hacker also shared 10,000 free samples from the database as proof. A photo uploaded by Teguh shows that the account selling the data is associated with Bjorka, who has previously been suspected in other cyberattacks. The data leak reportedly occurred in September 2024, with information on 6,663,379 Indonesian citizens being sold for 153.1 million rupiah.
The Directorate General of Taxes at the Ministry of Finance has expressed concern over this incident and is conducting a thorough investigation. For now, the public is being asked to remain calm. The Ministry has not yet disclosed what actions will be taken after the investigation is complete.
"As for the circulating information about the data leak, the technical team is currently conducting a thorough review," said Dwi Astuti, Director of Public Relations for the Directorate General of Taxes.
Cybersecurity expert Alfonse Tanujaya warns that Indonesians should be informed of these events and predicts criminal activity may arise from the leak. Potential scams could involve fraudulent tax penalties or similar deceptive schemes through messages, SMS, or calls.
"For example, a fraudster could impersonate a tax inspector, contact you in some way, or even show up in person, armed with very accurate information about you," Alfonse said.
He also called on Finance Minister Sri Mulyani to assess data management and security procedures. "Please review the security of the data at the tax office. Even full addresses, cities, districts, provinces, mobile phone numbers, emails, and birthdates have been leaked, and it is obvious this information comes from the tax office," Alfonse stated.
The investigation into the breach is still ongoing, and no solutions have been proposed yet. However, at least 6 million Indonesians are very concerned that their personal information has fallen into the hands of cybercriminals and are waiting for concrete measures to resolve the situation.
You can add one right now!