Saturday, November 23, 2024

BSI’s data breach: A menace to Indonesia’s banking security

Reading Time: 3 minutes
Audina Nur

Journalist

Mahinda Arkyasa

Editor

Interview

A ransomware cybercriminal group Lockbit 3.0 claimed on Saturday (14/5) that they have acquired 1.5 terabytes of data from PT Bank Syariah Indonesia (BSI). This massive breach comprises of sensitive personal information belonging to a staggering 15 million customers and staff members of the bank.

This personal information data includes phone numbers, addresses, names, document information, account numbers, card numbers, and transactions. It also included financial documents, legal paperwork, non-disclosure agreement (NDA) contracts, and passwords for both internal and external bank services.

Following the unsuccessful 72-hour deadline for BSI management to resolve this issue, Lockbit 3.0 is suspected to have distributed this extensive data on dark websites on Tuesday (16/5). 

In a screenshot shared by the Twitter account @darktracer_int, it is apparent that a substantial amount of company management data has been leaked, ranging from regional chief executive officers (RCEO) to corporate secretaries. 

The screenshot also reveals several internal documents such as retail banking data backups and a database of contract requirement documents dated April 19, 2022. 

Furthermore, Lockbit 3.0 made a provocative announcement urging customers to cease using BSI due to their alleged lack of knowledge in safeguarding their money, savings, and personal information from cyber criminal attacks. 

BSI management responds

Despite the attack exposing customers’ data, BSI corporate secretary Gunawan A Hartoyo reassured that data and funds remain secure. 

“We urge customers to remain calm as we ensure the security of their data, funds, and transactions. We will also collaborate with the relevant authorities regarding this data breach issue,” Gunawan said, quoted from Tekno Liputan6.com on Tuesday (16/5).

Previously, BSI president director Hery Gunardi emphasized the need of conducting further audits and digital forensics to confirm the extent of the attack. 

He claimed that BSI has taken preventive measures to enhance security of its information technology, as evidenced by an increased allocation of capital expenditure budget to strengthen the IT system, reaching IDR 580 billion compared to the previous year’s approximately IDR 280 billion. 

Simultaneously, the company is conducting internal investigations and maintaining coordination with relevant parties, including the National Cyber and Crypto Agency (BSSN), Financial Services Authority (OJK), Bank Indonesia (BI), and others.

The BSI ransomware attack is the first hacker action to affect banking services. So far, many hacker groups have penetrated the banking system and other public institutions, but not to the extent of impairing activities.

Cyberattacks on Indonesia finance and banking industry

In Indonesia, almost all public institutions have experienced breaches by hackers. This reveals the vulnerability of cyber security devices in public institutions, especially those that handle people’s personal data. 

According to cybersecurity agency Palo Alto Networks, Indonesia is the third country with the highest number of ransomware attacks in Southeast Asia. In the past 18 months, Indonesia has experienced 14 ransomware attacks, primarily targeting the manufacturing, wholesale, and retail sectors, and professional and legal services. 

Meanwhile, Check Point Software Technologies’ study found that cyberattacks on Indonesia’s finance and banking industry topped the list, with an average of 2,730 attacks per week since January 2022. This figure is 252 percent higher than the global average of 1,083 cyberattacks.

This indicates that hackers find it relatively easier to operate within the country due to its lower level of cybersecurity. As a result, Indonesia becomes a vulnerable target for hackers and cyberattacks. 

Hackers’ actions are confined to trading personal data on the dark web or demonstrating their ability to infiltrate institutions considered strategic. 

For BSI, the ransomware attack this time could have a dual impact. Besides being scrutinised by the public about its security system, BSI’s image will also be damaged as the company is trying to attract new investors from abroad. 

This is part of the government’s scenario to “sell” BSI, the merged output of the Islamic units of three state-owned banks, to investors. After acquiring a new investor, BSI will expand overseas services.

Audina Nur

Journalist

Mahinda Arkyasa

Editor

 

Interview

SUBSCRIBE NOW
We will provide you with an invoice for your reimbursable expenses.

Free

New to Indonesian market? Read our free articles before subscribing to the premium plan. If you already run your business in Indonesia, make sure to subscribe to the premium subscription so you won’t miss any intelligence & business opportunities.

Premium

$550 USD/Year

or

$45 USD/Month

Cancelation: you can cancel your subscription at any time, by sending us an email inquiry@ibp-media.com

Add keywords to your market watch and receive notification:
Schedule a free consultation with us:

We’ll contact you for confirmation.

FURTHER READING

The Securities Crowdfunding (SCF) and Initial Public Offering (IPO) schemes are the two main instruments offered by the Indonesian capital market to support corporate funding, a senior official at the Indonesia Stock Exchange (IDX) has said.
Former Minister of Communication and Informatics (Kominfo), Budi Arie Setiadi, has alleged the presence of individuals linked to online gambling within the ministry before his tenure began.
Former Coordinating Minister for Political, Legal, and Security Affairs, Mahfud MD, has expressed concern over what he perceives as political undertones in the arrest of former Trade Minister Thomas Trikasih Lembong, known as Tom Lembong.
The Center of Economics and Law Studies (CELIOS) research institute revealed that the state budget (APBN) deficit has the potential to exceed the safe limit and could reach three percent in 2029 due to the free nutritious meal program (MBG).
The Center for Indonesia’s Strategic Development Initiatives (CISDI) says that the simultaneous Regional Head Elections (Pilkada) on Wednesday, November 27, 2024 can be a momentum to determine leaders who care about the impact of the climate crisis.
The Ministry of Communication and Digital (Komdigi) has identified a number of accounts in digital wallet applications, such as DANA, GoPay, LinkAja, OVO, Sakuku, and ShopeePay, that have been used for online gambling transactions.