Monday, December 23, 2024

BSI’s data breach: A menace to Indonesia’s banking security

Reading Time: 3 minutes
Audina Nur

Journalist

Mahinda Arkyasa

Editor

Interview

A ransomware cybercriminal group Lockbit 3.0 claimed on Saturday (14/5) that they have acquired 1.5 terabytes of data from PT Bank Syariah Indonesia (BSI). This massive breach comprises of sensitive personal information belonging to a staggering 15 million customers and staff members of the bank.

This personal information data includes phone numbers, addresses, names, document information, account numbers, card numbers, and transactions. It also included financial documents, legal paperwork, non-disclosure agreement (NDA) contracts, and passwords for both internal and external bank services.

Following the unsuccessful 72-hour deadline for BSI management to resolve this issue, Lockbit 3.0 is suspected to have distributed this extensive data on dark websites on Tuesday (16/5). 

In a screenshot shared by the Twitter account @darktracer_int, it is apparent that a substantial amount of company management data has been leaked, ranging from regional chief executive officers (RCEO) to corporate secretaries. 

The screenshot also reveals several internal documents such as retail banking data backups and a database of contract requirement documents dated April 19, 2022. 

Furthermore, Lockbit 3.0 made a provocative announcement urging customers to cease using BSI due to their alleged lack of knowledge in safeguarding their money, savings, and personal information from cyber criminal attacks. 

BSI management responds

Despite the attack exposing customers’ data, BSI corporate secretary Gunawan A Hartoyo reassured that data and funds remain secure. 

“We urge customers to remain calm as we ensure the security of their data, funds, and transactions. We will also collaborate with the relevant authorities regarding this data breach issue,” Gunawan said, quoted from Tekno Liputan6.com on Tuesday (16/5).

Previously, BSI president director Hery Gunardi emphasized the need of conducting further audits and digital forensics to confirm the extent of the attack. 

He claimed that BSI has taken preventive measures to enhance security of its information technology, as evidenced by an increased allocation of capital expenditure budget to strengthen the IT system, reaching IDR 580 billion compared to the previous year’s approximately IDR 280 billion. 

Simultaneously, the company is conducting internal investigations and maintaining coordination with relevant parties, including the National Cyber and Crypto Agency (BSSN), Financial Services Authority (OJK), Bank Indonesia (BI), and others.

The BSI ransomware attack is the first hacker action to affect banking services. So far, many hacker groups have penetrated the banking system and other public institutions, but not to the extent of impairing activities.

Cyberattacks on Indonesia finance and banking industry

In Indonesia, almost all public institutions have experienced breaches by hackers. This reveals the vulnerability of cyber security devices in public institutions, especially those that handle people’s personal data. 

According to cybersecurity agency Palo Alto Networks, Indonesia is the third country with the highest number of ransomware attacks in Southeast Asia. In the past 18 months, Indonesia has experienced 14 ransomware attacks, primarily targeting the manufacturing, wholesale, and retail sectors, and professional and legal services. 

Meanwhile, Check Point Software Technologies’ study found that cyberattacks on Indonesia’s finance and banking industry topped the list, with an average of 2,730 attacks per week since January 2022. This figure is 252 percent higher than the global average of 1,083 cyberattacks.

This indicates that hackers find it relatively easier to operate within the country due to its lower level of cybersecurity. As a result, Indonesia becomes a vulnerable target for hackers and cyberattacks. 

Hackers’ actions are confined to trading personal data on the dark web or demonstrating their ability to infiltrate institutions considered strategic. 

For BSI, the ransomware attack this time could have a dual impact. Besides being scrutinised by the public about its security system, BSI’s image will also be damaged as the company is trying to attract new investors from abroad. 

This is part of the government’s scenario to “sell” BSI, the merged output of the Islamic units of three state-owned banks, to investors. After acquiring a new investor, BSI will expand overseas services.

Audina Nur

Journalist

Mahinda Arkyasa

Editor

 

Interview

SUBSCRIBE NOW
We will provide you with an invoice for your reimbursable expenses.

Free

New to Indonesian market? Read our free articles before subscribing to the premium plan. If you already run your business in Indonesia, make sure to subscribe to the premium subscription so you won’t miss any intelligence & business opportunities.

Premium

$550 USD/Year

or

$45 USD/Month

Cancelation: you can cancel your subscription at any time, by sending us an email inquiry@ibp-media.com

Add keywords to your market watch and receive notification:
Schedule a free consultation with us:

We’ll contact you for confirmation.

FURTHER READING

President Prabowo Subianto has been criticized over his idea of granting clemency to corrupters who are willing to return back the corrupted state assets.
The recent meetings of Minister of Investment and Downstreaming/Head of the Investment Coordinating Board (BKPM) Rosan P. Roeslani with eight Chinese giants in the electric car ecosystem in China on December 18-20, 2024 had resulted in a total new investment commitment of US$7.46 billion (Rp120 trillion).
The Corruption Eradication Commission (KPK) has started the investigation into alleged corruption at State-owned construction company PT Pembangunan Perumahan (PT PP) and has named two suspects in the case.
Indonesia embraces the return of plundered treasures and artefacts from the Dutch government, with about 828 cultural items having been returned to Indonesia from the Netherlands as of mid-December 2024, a recent report by The Straits Times reveals.
Indonesia, the largest country in Southeast Asia, faces signs of a shrinking middle class as a result of the lingering effects on the economy since the Covid-19 Pandemic and a general shift in its economy, a recent report by ABC News reveals.
PT Hero Global Investment (HGII), a holding company focused on the renewable energy industry in Indonesia, is set to form a strategic partnership with Shikoku Electric Power Company, Inc. (Yonden), a Tokyo Stock Exchange-listed company.