TEMPO.CO, Jakarta - BRI Life's insurance customer data was allegedly leaked and sold online. The allegations emerged after a Twitter account @UnderTheBreach uploaded a thirty-second image and video, proving the data leak.
"Huge breach - threat actor is selling sensitive data from BRI Life: 2 million clients and 463,000 documents," the account tweeted Tuesday, July 27.
According to cybersecurity firm Hudson Rock, the data was leaked following the hacking of the computers belonging to BRI and BRI Life employees. They claimed to have identified several computers in question at the two companies.
"We identified multiple compromised employee computer of BRI Life and Bank Rakyat Indonesia which may have helped hacker obtain an initial access to the company," Hudson Rock @HRock tweeted with screenshots posted on Tuesday.
Meanwhile, @UnderTheBreach account tweeted that customer data was sold for US$7,000 (Rp101 million). In addition, in the video it was stated that the data size obtained by the hackers is 250 GB, in the form of customer ID cards and other documents.
Currently, BRI Life is investigating the data breach. "We are currently checking and will provide an update as soon as the investigation is complete," said BRI Life CEO Iwan Pasila, Tuesday.
The BRI Life investigation was carried out together with an independent team specialized in cybersecurity. They will perform digital searches and take necessary steps to improve data protection for policyholders.
Ade Nasution, Corporate Secretary of BRI Life, explained that the company is trying its best to protect the customer data. "The company never provides personal data to irresponsible parties," he asserted.
Moh Khory Alfarizi | Maudey K. Setyakusuma (Intern)