The insurance arm of Indonesia’s Bank Rakyat Indonesia, BRI Life, said it was investigating a possible data breach, as reported by local media outlets. The personally identifiable information of over 2 million of its customers had been put up for sale on a hacker forum.
Security company Hudson Rock, which investigated the case, said it had discovered evidence that showed that multiple computers owned by employees of BRI and BRI Life had been compromised.
Hudson Rock is a Tel Aviv-based security monitoring firm. Its flagship product, Cavalier, is a cybercrime intelligence database of millions of compromised machines that allows to defend and protect from Ransomware and other attacks.
A user on the RaidForums website has put up for sale 460,000 documents claiming they belong to the BRI Life client database. The whole database compiled from 2 million BRI Life clients was offered for $7,000.
The forum post contained a 30-minute-long video showing a list of documents with details like bank account information, Indonesian ID cards, and taxpayer details.
Hudson Rock said on Friday that it had identified multiple compromised computers of the Indonesian companies. The company believes that the hacker gained access to the systems through these machines.
“We identified multiple compromised employee computers of BRI Life and Bank Rakyat Indonesia which may have helped the hacker obtain initial access to the company,” Hudson Rock said in a statement.
At this time, not many details are available about the incident.
“We are checking with the team and will provide an update as soon as the investigation is done,” BRI Life CEO Iwan Pasila reportedly said.