State-owned railway operator PT Kereta Api Indonesia (KAI) has dismissed any data leakage despite claims by a group of hackers that they had accessed sensitive data belonging to the company, including information about employees and customer details.
“We will continue to conduct a thorough investigation to trace the issue,” said Joni Martinus, VP Public Relations at KAI, on Tuesday, January 16, 2024.
The alleged data breach by hackers was first reported by the Twitter account @TodayCyberNews on January 14, 2024. The hacker group threatened to expose the data if negotiations failed, giving KAI a 15-day ultimatum to respond.
“Fifteen days is more than enough time for the company to discuss the ransom money,” stated the hackers based on an image shared by @TodayCyberNews. “If we do not reach an agreement with the company within 15 days, we will leak all the data through a blog,” they added.
Joni said KAI would collaborate with law enforcement agencies to investigate the hacking case, adding that KAI would not succumb to extortion.
Joni stated that the company ensures all KAI data is secure.
“To date, all IT operational systems, KAI’s online ticket purchasing, and Face Recognition Boarding Gate services at all stations are functioning well,” he said.
Joni urged the public not to worry about the security of data on the Face Recognition Boarding Gate feature used by KAI, emphasizing that KAI has a robust information security management system.
KAI claims to have implemented the ISO 27001 international standard for Information Security Management System (ISMS).
“KAI consistently improves cybersecurity for the comfort of customers to continue using the comfortable, safe, and timely mass transportation services by train,” said Joni.
