Cyber Incident Victim: General Elections Commission of Indonesia
Date:
Sep 2022
Location:
Indonesia
Summary
A hacker using the alias Bjorka leaked sensitive personal data of over 105 million Indonesian citizens, representing approximately 40% of the nation's population, allegedly obtained from the General Elections Commission. The compromised dataset included national ID card numbers, full names, dates of birth, addresses, gender, polling station details, and other personally identifiable information, which was offered for sale on a hacking forum for $5,000. This incident occurred amid a broader pattern of cybersecurity breaches affecting multiple Indonesian government entities and critical infrastructure sectors throughout the year, including prior leaks involving telecommunications registration data and other sensitive records.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On September 7, 2022, a hacker using the alias Bjorka announced the leak of sensitive personal data belonging to approximately 105 million Indonesian citizens on BreachForums, a hacking community forum. The dataset, comprising 20GB of information, allegedly originated from the General Elections Commission of Indonesia and included national ID card numbers, full names, dates of birth, registration addresses, provinces of residence, ages, genders, and polling station numbers. A sample reviewed by Cybernews confirmed the presence of this personally identifiable information (PII), representing roughly 40% of Indonesia’s population. The hacker offered the full dataset for sale at $5,000, though no confirmation of the data’s legitimacy or origin was provided by Indonesian authorities at the time of reporting. This incident followed a pattern of high-profile breaches targeting Indonesian institutions throughout 2022, including attacks on the Bank of Indonesia, hospitals, police services, and the Ministry of Law and Human Rights.
The Elections Commission breach occurred shortly after another significant data exposure involving Indonesia’s Ministry of Communication and Information Technology, where hackers leaked an 87GB dataset purportedly containing registration details of 1.3 billion SIM cards linked to citizens’ ID numbers, priced at $50,000 on the same forum. Cybernews contacted Indonesia’s National Cyber and Encryption Agency for comment regarding the Elections Commission breach but received no response prior to publication. The cumulative effect of these breaches exposed vast quantities of citizen PII, creating substantial risks for identity theft, financial fraud, and targeted cybercrime. The Elections Commission incident specifically compromised electoral infrastructure data, raising concerns about the integrity of voter registration systems and the potential misuse of polling station information. These repeated breaches underscored systemic cybersecurity vulnerabilities across Indonesian government institutions during this period.