APSN Banner

BRI Life probes reported data leak of 2 million users

Reuters - July 28, 2021

Fanny Potkin and Tabita Diela, Singapore and Jakarta – BRI Life, the insurance arm of state-owned lender Bank Rakyat Indonesia (BRI), said on Tuesday it was investigating claims that the personal details of over two million of its customers had been advertised for sale by unidentified hackers.

Hudson Rock, a cybercrime monitoring firm, told Reuters that it had found evidence which showed that multiple computers belonging to BRI and BRI Life employees had been compromised.

"We are checking with the team and will provide an update as soon as the investigation is done," BRI Life chief executive officer Iwan Pasila said in a text message.

In a later statement, BRI Life said its investigation was being conducted with an independent team specialising in cyber security to perform digital tracing and to take the necessary steps to improve data protection for policy holders.

BRI Life corporate secretary Ade Nasution said the company was making maximum effort to protect the data of its policyholders, adding the company had never provided personal data to any "irresponsible parties".

In a post on the RaidForums website on Tuesday, an unnamed user said they were selling a collection of 460,000 documents compiled from the user data of over two million BRI Life clients for US$7,000.

The post was accompanied by a 30 minute video of the documents, which included bank account details, as well as copies of Indonesian identification cards and taxpayer details.

"We identified multiple compromised employee computers of BRI Life and Bank Rakyat Indonesia which may have helped the hacker obtain initial access to the company," Hudson Rock said in a statement.

Source: https://www.thejakartapost.com/news/2021/07/28/bri-life-probes-reported-data-leak-of-2-million-users.htm