Sensitive Personal Information of Bank DKI Customers Leaked and Sold on Dark Web

Data leakage is a serious problem in Indonesia. In recent years, there have been many cases of data leakage involving government and private institutions.

Data leakage can have negative consequences for individuals, companies, and governments. Individuals can suffer financial losses, loss of privacy, and even physical security threats. Companies can suffer reputational damage and financial losses due to the loss of customer or employee data. Governments can lose public trust and disrupt public services.

Financial companies have been in the spotlight lately, due to the growing number of indications of the sale of login access, databases, and others that are sold on breached forums. Recently, one of the financial companies, Bank DKI, has become a victim.

Threat actor named "cookiemonster" has posted a sample of Bank DKI user information, which includes "Full Name, Email, Nickname, Religion, Title, Number. HP, KTP, Gender, Place of Birth, Date of Birth, Resident Status, Birth Mother's Maiden Name, Marital Status, Last Education, Emergency Number, Emergency Contact Name, Family Status with Customer, Reference Code."

Figure 1: Threac actor selling admin panel access

In his thread, threat actor "cookiemonster" said that what was being sold was access to the Bank DKI admin panel. This would be a major threat if the threat actor had access to the admin panel, as they could see all of a company's customers and make changes to them.

The threat actor sold the panel access for $80 USD, although it is not yet known whether the admin access came from a vulnerability that was exploited or from malware stealers. However, the validity of this breach case is still uncertain as there has been no statement issued by Bank DKI to date.

The case of data leakage at Bank DKI is a serious concern. The data that was leaked includes sensitive personal information that could be used for malicious purposes. The information could be used for malicious purposes, such as identity theft, fraud, or blackmail.

It is important for financial companies to take steps to protect their data and prevent future data leakage incidents. These steps include:

Implementing strong security measures, such as firewalls, intrusion detection systems, and data encryption.
Educating employees about data security best practices.
Regularly monitoring their systems for signs of unauthorized access.
By taking these steps, financial companies can help to protect their customers' data and prevent data leakage incidents.