CISSReC Reveals Alleged BKN Data Leakage


CISSReC Cyber Security Research Institute revealed that personal data leaks were still happening again ahead of the 79th Anniversary of the Republic of Indonesia, this time the victim of the hack was the State Civil Service Agency (BKN).

"This finding originated from a post from hacker with the anonymous name TopiAx in Breachforums on Saturday, August 10, 2024," said Chairman of the CISSReC Cyber Security Research Institute Dr. Pratama Persadha when confirmed in Semarang, Sunday morning.

In his post, said the graduate lecturer at the State Intelligence College (STIN), hackers claimed to get data from BKN in the amount of 4,759,218 rows containing very many data, including name, place of birth, date of birth, title, date of CPNS, date of civil servants, NIP, number of SK CPNS, and number of SK PNS.

Other data, namely groups, positions, agencies, addresses, identity numbers, cellphone numbers, email (email), education, majors, and years of graduation.

In addition to these data, there are many other data, both in the form of cleartext (information stored or sent in unencrypted form) and text that have been processed using cryptographic methods.

In the post, Pratama continued, hackers who had joined the usual forum for buying and selling the hacks offered all of the data amounting to US$10,000 (around Rp160 million).

This cybersecurity expert revealed that hackers also shared data samples containing 128 ASNs from various agencies in Aceh.

Regarding this, the CISSReC has conducted random verification of 13 ASN whose names are listed in the data sample via WhatsApp.

"They think the data is valid even though someone informed about the last digit writing error on the NIK and NIK fields," said Pratama.

Until Sunday morning, he said, there had been no official confirmation, both from BKN and related parties such as BSSN and Kominfo on the alleged leak of this data.

BKN has made a memorandum of understanding (MoU) with BSSN to strengthen ASN data and improve the quality of information protection and electronic transactions on October 3, 2022. However, said Pratama, this MoU is only valid for 1 year and ends in October 2023.

"It is not yet known whether BKN extended the MoU with the BSSN or not?" said the lecturer at the PTIK Police Science College (STIK).

Comments