Initially, news of this leak was reported by the Twitter account (currenty known as 'X') @secgron, in July 2023. The hacked data was traded on the an online forum named Breach Forums.

"A threat actor at Breach Forums offers a login service to anyone's MyBCA account with only their name and account number. The perpetrator also attached a display when logging in to 6 account owners," the Twitter account posted.

Around 6.4 million data that was leaked identified as users of the MyBCA application, a digital platform that only requires a single user ID to access all account information. Meanwhile, this application can be accessed via cellphone or website.

Cyber expert response to data leak

Alfons Tanujaya, a cyber security expert from Vaksin.com concluded that the leaked BCA customer account data is valid data based on MyBCA credentials.

"From the sample leak of MyBCA user data on Breach Forums, I can conclude that the data provided is valid, " he said, on July 31, 2023.

He considered that the hacker already had a database listing all MyBCA credentials. This is because hackers only need the account number and full name of the account user to access MyBCA data.

He added, this leak of credentials carries a risk because it can be used to access all MyBCA accounts from a browser.

Meanwhile, hackers can access and obtain information on customer account numbers, both mutations, transfer lists and all data from the MyBCA application.

However, leaked credentials cannot be used to access MyBCA from the application. This is because it requires additional verification.

BCA responds to data leak

The management of Bank BCA responded and confirmed that it had been checked. The bank concluded that the data claimed was different from the data it owned.

Raymon Yonarto, BBCA Secretary said, Bank BCA is trying its best to mitigate the risks needed to maintain the security of customer data and digital transactions.

He added, corporate strategy and implementation of security standards at BBCA are always evaluated and updated from time to time by taking into account developments in cyber security and digital transactions.