Dio Suhenda, Jakarta – The National Police are investigating reports that data from its Indonesia Automatic Fingerprint Identification System (Inafis) were being sold on the dark web after a massive national database breach last Thursday temporarily crippled public services.
"We are checking [the reported breach], since it is still an ongoing issue right now," police spokesman Insp. Gen. Sandi Nugroho said on Tuesday, as quoted by Kompas.com, saying that police would "mitigate" the potential breach in cooperation with relevant government agencies.
The National Cyber and Crypto Agency (BSSN) told a press conference on Monday that a new variant of ransomware was used in Thursday's cyberattack on two temporary National Data Center (PDN) facilities, which had affected databases managed by more than 200 central and regional institutions.
The cyberattack happened around the same time that the BSSN discovered that data allegedly stolen from the police's Inafis was being offered for sale on the dark web.
"We have cross-checked with the police" about the data being sold on the dark web, BSSN head Hinsa Siburian told the press conference were theirs.
"They said it was their old data. For now, that's the answer that they have given us," he added.
As of Monday, the government was still trying to restore public services that were affected by the ransomware attack, although some had been restored and were running normally, such as the services of the Immigration Office, which falls under the Law and Human Rights Ministry.