[BreachExchange] Indonesia's BRI Life probes reported data leak of two mln users

[Sophia Kingsbury]

https://www.reuters.com/business/finance/indonesias-bri-life-probes-reported-data-leak-2-million-users-2021-07-27/

BRI Life, the insurance arm of Indonesia's Bank Rakyat Indonesia (BRI)
(BBRI.JK), said on Tuesday it was investigating claims that the personal
details of over two million of its customers had been advertised for sale
by unidentified hackers.

Hudson Rock, a cybercrime monitoring firm, told Reuters that it had found
evidence which showed that multiple computers belonging to BRI and BRI Life
employees had been compromised.

"We are checking with the team and will provide an update as soon as the
investigation is done," BRI Life CEO Iwan Pasila said in a text message.

In a later statement, BRI Life said its investigation was being conducted
with an independent team specialising in cyber security to perform digital
tracing and to take the necessary steps to improve data protection for
policy holders.

Ade Nasution, BRI Life's corporate secretary, said the company was making
maximum effort to protect the data of its policy holders, adding the
company had never provided personal data to any "irresponsible parties".

In a post on the RaidForums website on Tuesday, an unnamed user said they
were selling a collection of 460,000 documents compiled from the user data
of over two million BRI Life clients for $7,000.

The post was accompanied by a 30 minute video of the documents, which
included bank account details, as well as copies of Indonesian
identification cards and taxpayer details.

"We identified multiple compromised employee computers of BRI Life and Bank
Rakyat Indonesia which may have helped the hacker obtain initial access to
the company," Hudson Rock said in a statement.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20210728/70261e24/attachment.html>