PLN Hit by Another Data Breach, 44 Million Customer Records Exposed

 PLN Hit by Another Data Breach, 44 Million Customer Records Exposed

A recent data breach has once again struck Indonesia, targeting a prominent state-owned energy company, PLN. This time, PLN, the largest state-owned enterprise in Indonesia, fell victim to a series of cyberattacks throughout the year. For instance, in March, one of PLN's subsidiaries, Indonesia Power, faced a ransomware attack orchestrated by the Ransomhouse gang. Not stopping there, on October 23, PLN suffered another data breach caused by the threat actor known as "RRR."

This recent data leak, which is claimed to have been compromised since September 2023, originated from the "" domain and exposed a total of 44 million data records. The sheer volume of data for sale is staggering, considering PLN's portal encompasses three sections:,, and

The source of this breach remains uncertain, but the data offered by the threat actor "RRR" includes a plethora of sensitive information such as user_id, meter_id, meter_no, number, name, alias_name, no_ktp, email, phone, npwp, npwp_name, npwp_address, type, unitup, unitupi, namaup, energy_type, energy, fasa, is_splu, meter_kwh_number, peruntukan_id, keperluan_kd, rpujl, address, kode_pos, latitude, longitude, kode_prov, kode_kab, kode_kec, kode_kel, nama_prov, nama_kab, nama_kec, nama_kel, rt, rw, tahun_produksi, source, have_plts, have_estove, id_kompor.


Figure 1: Validation data from leaked PLN

In response, the Cyberdefenseinsight team has been attempting to validate the authenticity of the meter_id data. Their efforts have revealed that the meter_id data appears to be valid, as it contains information indicating that bills have been paid, which suggests the legitimacy of the meter_id in question.

Comparing this breach to a similar incident in 2022 on August 18, where PLN experienced a leak of 17 million records with a different data structure, including "ID, name, consumer name, energy type, KWh, address, meter number, meter type, UPI unit name, Ap Unit, Unit Ap name, Up Unit, Up Unit name, Last Update, Created At," raises questions. 

Figure 2: Old leak from 17 Million data PLN

Even though the data structure looks different, some of the data looks similar if you look closely, but it is still not known for certain whether the data is old or new because from PLN itself there has been no confirmation or statement regarding this recent leak.