TEMPO.CO, Jakarta - Once again, the security of personal data held by the state needs to be questioned. This time, more than 6 million Tax Identification Number (NPWP) data registered in the Directorate General of Taxes (DGT) was allegedly leaked and sold by Bjorka the hacker. There was a leak of data such as the Citizens Identity Number (NIK), NPWP, address, phone number, email address, and so on.

Who is Bjorka?

Bjorka is a notorious hacker who once breached and hacked the data of several Indonesian government websites back in 2022.

Bjorka also posted presidential documents and letters, including from the Intelligence Agency (BIN), between 2019 - 2021 to an online forum named breached.to which then went viral on social media. 

The hacker also claimed to have pocketed 679,180 documents and several of them have been disclosed.

Sold for Rp152 Million

Founder of Ethical Hacker Indonesia, Teguh Aprianto, through his account X, stated, "6 million NPWP data is being sold for around 150 million Indonesian Rupiah," he wrote on Wednesday, September 18, 2024. The leaked data is suspected to include those belonging to President Jokowi, Finance Minister Sri Mulyani Indrawati, and Trade Minister Zulkifli Hasan.

Teguh also included a screenshot in a data hacking buy-and-sell forum. In the photo, an anonymous account named Bjorka was the user, dated Wednesday, September 18, 2024. The account claimed to have gathered more than 6.6 million personal data sold on the forum for a price of 10,000 US Dollars or equivalent to Rp152.96 million.

Based on Teguh's findings, there are 10,000 samples available on the illegal forum for sale. "The fields in the sample are: NIK, NPWP, name, address, sub-district, district/city, province, KLU code, KLU, KPP name, regional office name, phone number, fax, email, date of birth, registration date, VAT taxpayer status, VAT registration date, taxpayer type, legal entity," Teguh further wrote.

Leaked NPWP of Several Officials

Teguh also provided a list of the top 25 names found in the 10,000 samples. Jokowi's name topped the list, followed by his sons' names: Gibran Rakabuming Raka and Kaesang Pangarep. Below them were Communications and Information Minister Budi Arie Setiadi and Finance Minister Sri Mulyani Indrawati. Airlangga Hartarto, the Coordinating Minister for Economic Affairs, was also on the list along with State-Owned Enterprises Minister Erick Thohir, Trade Minister Zulkifli Hasan, and other government officials' data.

"Within the sample, you will find personal information about the President of Indonesia and his sons as well as officials in the Ministry of Finance and other ministers which are also useless," as written in the English-text narrative on the page entitled "6 Million Indonesian Taxpayers' Identification Numbers (NPWP)."

Finance Minister Sri Mulyani Requests DGT and Ministry of Finance to Evaluate

Finance Minister Sri Mulyani requested the Directorate General of Taxes (DGT) and Ministry of Finance to evaluate the alleged data theft.

"I have asked the Director General of Taxes and all parties at the Ministry of Finance to evaluate the issue. The explanation will be conveyed by the Director General of Taxes (Suryo Utomo) and the IT team," said Sri Mulyani after attending a Plenary Meeting to Decide on the State Budget Bill for the 2025 Fiscal Year in Jakarta on Thursday.

Meanwhile, the DGT of the Ministry of Finance stated they are presently investigating the alleged NPWP data leak. They also mentioned that after the evaluation is completed, a press conference will be immediately held to announce the examination results to the media.

Jokowi's Response: Due to Password Negligence

President Joko Widodo or Jokowi also spoke regarding the alleged leakage of the Tax Identification Number (NPWP) data at the Directorate General of Taxes of the Ministry of Finance. According to President Jokowi, data leakage incidents do not only occur in Indonesia but also in several other countries. He stated various factors that could cause the data leakage.

"Maybe due to negligence in passwords or due to storing data in different places," Jokowi said during the inauguration of the Solo-Yogyakarta Toll Road at the Banyudono Toll Gate, Boyolali, Central Java, on Thursday, September 19, 2024.

The head of state mentioned that this could provide a space for hackers to hack the data to gain entry into the system. Furthermore, Jokowi emphasized the necessity of mitigation by related ministries regarding the NPWP data leakage.

HATTA MUARABAGJA | HANIN MARWAH | HILMAN FATHURRAHMAN | INGE KLARA SAFITRI | HANAA SEPTIANA | RADEN PUTRI | ALPADILLAH GINANJAR

Editor's Choice: Bjorka Returns, Leaks 44 Million Data of MyPertamina

Click here to get the latest news updates from Tempo on Google News