Indonesian General Election Commission (KPU) Data Hacked by Jimbo, Sold for IDR 1.2 Billion

Warta Indonesia En. Ver – Another case of personal data leakage from the Indonesian General Election Commission (KPU) has occurred. This time, the website of the General Election Commission (KPU) is suspected to have been hacked by a hacker named Jimbo.

The leaked data includes National Identification Numbers (NIK), Family Card Numbers (KK), Identity Card Numbers (KTP), names, dates of birth, places of birth, genders, addresses, and polling station numbers.

The information about this data breach was first revealed by cybersecurity consultant Teguh Aprianto on(Tuesday, 28/11/23).

Through the Twitter social media platform, he shared screenshots of posts by the hacker Jimbo with the caption “KPU.GO.ID 2024 Voters RAW DATABASE.” Quoting Teguh Aprianto’s post on (Wednesday,29/11/23).

The hacker claimed to have obtained around 252 million data entries in their post on the illicit data Indonesian General Election Commission trading site, Breachforums.

However, there were some duplicated data, and after a filtering process, only 204,807,203 unique personal data entries remained.

From this data, Jimbo explained that he acquired complete information including NIK, NKK, no_ktp (Passport), Name, tps_id, Disability status, e-ID, gender, date of birth, place of birth, marital status, address, RT (neighborhood association), RW (residential community), and much more.

For all the leaked personal data, the hacker set a price of approximately USD 74,000 or around IDR 1.2 billion for the 204 million leaked Indonesian population data.

This voter data breach poses a serious threat to the organization of the 2024 elections. The leaked personal data can be exploited by irresponsible parties for criminal activities such as fraud, identity theft, and even election sabotage.

Risks Arising from Data Breach:

  • Fraud: Leaked personal data can be used by fraudsters for illegal transactions, such as creating fake credit cards or opening online loans.
  • Identity Theft: Leaked personal data can be used to steal someone’s identity, for example, to register with a bank or other services.
  • Election Sabotage: Leaked personal data can be used to disrupt the conduct of elections, such as spreading false information or conducting cyber attacks. The KPU has taken steps to address this data breach, including conducting investigations and enhancing the security of its website. However, it is crucial for the public to also increase vigilance and take measures to protect themselves from the potential risks arising from this data breach.