Indonesian Government-Owned Electricity Company Hacked: 17 Million Customers Data Leaked

PT Perusahaan Listrik Negara, or PLN, is an Indonesian government-owned corporation which has a monopoly on electric power distribution in Indonesia. And this time, the 2015's Fortune Global 500 company is facing privacy concerns.

This is because hackers allegedly hacked into PLN's customer database, and stole some 17 million customer data.

The leak was found by the Indonesian Cyber Research Institute CISSReC, who checked the alleged leak from the sample data provided by the uploader.

" [...] From the data, it contains a lot of information from PLN customers, for example names, customer IDs, addresses, customer types, and power limits," confirmed Chairman of CISSReC Pratama Persadha.

"So, it is possible that the leaked data is data from customers belonging to PLN," said Pratama

PLN hacked
A screenshot of the forum thread (samples and contact person censored) made by the hacker, who allegedly hacked Indonesian government-owned corporation.

The leak was uploaded on August 18 by a hacker forum member that goes with the name Loliyta, who said that:

"Hi, Im selling data PLN17 MILLION++ with fieldID,Idpel,Name,Consumer Name,Energy Type,Kwh,Address,Meter No,Unit Upi,Meter Type,Nama Unit Upi,Unit Ap,Nama Unit Ap,Unit Up,Nama Unit Up,Last Update,Created At."

Pratama confirmed that the leak is true, and that 10 of the samples provided are true.

He said that the 10 samples of the PLN customer data from a total of 17 million claimed data can be traced back to the real customers.

Regardless, he couldn't be certain that all of the 17 million claimed data are also true.

"Currently, we need to wait for the hacker to provide more data samples while PLN conducts digital forensics and makes a statement," he said, according to Antara.

Pratama's team at CISSReC team tried contacting the hacker via Telegram, but didn't get any response yet.

The hacker may have refrained from providing him with more than what's needed.

[block:block=87]

If it is proven true, continued Pratama, PLN must learn from various hacking cases that have happened to many other Indonesian government institutions and companies before this.

He said that an increase in security awareness is crucial, and that government entities and companies on the internet need to strengthen their system.

The problem is that at this time, Indonesia has a relatively low awareness in cybersecurity.

This is the main reason why many government entities, as well as Indonesian tech companies were hacked, and that no lawsuit has been filed.

"In the country, efforts to fix this issue exists, for examplem with the formation of a CSIRT (Computer Security Incident Response Team). This CSIRT works with the BSSN (National Cyber and Crypto Agency, an Indonesia's primary signal intelligence agency) when a hack occurs," he said.

Read: Hacker Has Leaked Indonesian 'BPJS' Social Security Data, Said The Government