Cyber Incident Victim: Universitas Diponegoro
Date: Jan 2021
Location: Indonesia
Summary
Diponegoro University experienced unauthorized access attempts targeting servers containing student data, with attack origins linked to multiple countries. A leak exposing approximately 125,000 students' personal information surfaced online via social media claims, prompting institutional acknowledgment. The breach potentially originated from an academic performance management system used by the institution. Exposed data reportedly became susceptible to illicit online trading following the incident.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |

| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On January 5, 2021, Diponegoro University (Undip) in Semarang, Indonesia, publicly addressed allegations of a data breach involving its student information systems. The incident came to light after Twitter user @fannyhasbi posted about the unauthorized disclosure of approximately 125,000 students' personal data, which they claimed was vulnerable to illegal online trading. University officials confirmed detecting hacking attempts targeting their servers, which stored extensive student records. They identified the cyberattacks as originating from multiple foreign jurisdictions, specifically naming the Netherlands, China, Hong Kong, and Mexico as source locations. The compromised data was believed to have been exfiltrated from pak.undip.ac.id, the university's academic performance scoring platform used to manage and evaluate student grades.

The breach exposed sensitive personal information of current and former students, creating risks of identity theft and financial fraud. University administrators activated their cybersecurity team to investigate the intrusion's scope and method while coordinating with relevant authorities to address the situation. Although the institution did not specify containment measures, it publicly advised affected students to immediately change their account passwords and monitor for suspicious activity. No details were provided regarding whether the attackers exploited specific vulnerabilities or maintained persistent access to systems. The disclosure timeline remained unclear, with the university neither confirming nor denying whether data had already appeared on illicit markets as suggested by the initial social media report.
