The Cybercrime Directorate of the Jakarta Metropolitan Police claims to have arrested the owner of the social media account known as "Bjorka," a figure long associated with major data breaches in Indonesia, but falls short of confirming whether the suspect is the same hacker who has been pursued since 2022.

The hacker known as Bjorka first drew national attention in September 2022 after leaking over 679,000 presidential documents, including classified intelligence materials. In response, then-president Joko Widodo formed a special task force involving the Ministry of Communication and Informatics (now Komdigi), the National Cyber and Encryption Agency (BSSN), the State Intelligence Agency (BIN), and the police.

Deputy Director of Cybercrime Directorate of the Jakarta Police, Adjunct Senior Commissioner Fian Yunus, said the detained suspect, identified only by the initials WFT, is 22 years old.

“He is the owner of the X accounts @bjorka and @Bjorkanesiaa, who was arrested on Tuesday, September 23, 2025 in Minahasa, North Sulawesi,” Fian told a press conference in Jakarta on Thursday, October 2, 2025.

Police said the arrest relates to a case of illegal access and data manipulation. The suspect allegedly posted manipulated bank database screenshots on X, making them appear authentic. The case originated from a private bank’s report in February after the account @Bjorkanesiaaa uploaded data belonging to one of its customers and claimed to have hacked 4.9 million customer records.

“The bank suffered losses in the form of heightened security risks and reputational damage, which could undermine public trust,” Fian said.

The suspect has been charged under multiple articles of Indonesia’s Electronic Information and Transactions (ITE) Law, carrying a maximum penalty of 12 years in prison and a fine of Rp12 billion (US$721,660). Police confiscated two mobile phones, one tablet, two SIM cards, and a flash drive containing 28 of WFT’s emails.

Investigators found that WFT has been active on social media under the alias Bjorka since 2020. However, police have not yet established whether he is the same Bjorka who gained notoriety for exposing massive troves of stolen personal data, including government and corporate records.

Since 2022, previously several individuals have been arrested under suspicion of being Bjorka, but doubts linger. In 2022, a youth in Madiun, East Java, admitted to selling a Telegram channel linked to Bjorka but denied being the hacker. Bjorka later ridiculed the arrest on the Breached.to forum, calling it a case of mistaken identity.

The hacker has since been linked to multiple data breaches, including the alleged sale of six million Indonesian tax records in 2024 for US$10,000, which cybersecurity experts verified as authentic. Bjorka’s activities date back to at least April 2020, when he was associated with the sale of Tokopedia user data.

For now, WFT remains in custody, but authorities acknowledge they cannot yet confirm whether he is the real Bjorka behind years of high-profile data leaks.