Sensitive data from the Indonesian Strategic Intelligence Agency (BAIS) of the Indonesian Military (TNI) and the Indonesia Automatic Finger Identification System (INAFIS) of the National Police (Polri) has been compromised and sold on the dark web. The hacker, operating under the alias Moonz Haxor, is demanding a ransom of up to US$7,000 ( Rp114 million) for the compromised data.
The breach was first reported by Twitter account @falconfeedsio, which revealed that the hacker had posted samples of the stolen data on a dark web marketplace, offering complete data sets to interested buyers.
TNI spokesman Major General Nugraha Gumilar confirmed that the TNI Cyber Team is currently investigating the alleged data breach of BAIS TNI.
“Regarding the information from the Falcon Feed account that BAIS TNI data has been hacked, it is still under thorough examination by the TNI Cyber Team,” Nugraha ssaid on Wednesday, June 26, 2024.
Lieutenant General Hinsa Siburian, Head of the National Cyber and Encryption Agency (BSSN), acknowledged that the leaked data includes older information but reassured that the current INAFIS system is functioning correctly.
“Indeed, there are a lot of leaked data,” Hinsa said.
The @FalconFeedsio account also detailed that Moonz Haxor, a member of BreachForums, disclosed the breach, which includes sensitive information such as fingerprint images, emails, and SpringBoot applications with configuration properties.
The incident highlights ongoing cybersecurity vulnerabilities and the critical need for robust data protection measures within Indonesia’s strategic and law enforcement agencies.
