PT Perusahaan Listrik Negara, or PLN, is an Indonesian government-owned corporation which has a monopoly on electric power distribution in Indonesia. And this time, the 2015's Fortune Global 500 company is facing privacy concerns.
This is because hackers allegedly hacked into PLN's customer database, and stole some 17 million customer data.
The leak was found by the Indonesian Cyber Research Institute CISSReC, who checked the alleged leak from the sample data provided by the uploader.
" [...] From the data, it contains a lot of information from PLN customers, for example names, customer IDs, addresses, customer types, and power limits," confirmed Chairman of CISSReC Pratama Persadha.
"So, it is possible that the leaked data is data from customers belonging to PLN," said Pratama

The leak was uploaded on August 18 by a hacker forum member that goes with the name Loliyta, who said that:
Pratama confirmed that the leak is true, and that 10 of the samples provided are true.
He said that the 10 samples of the PLN customer data from a total of 17 million claimed data can be traced back to the real customers.
Regardless, he couldn't be certain that all of the 17 million claimed data are also true.
"Currently, we need to wait for the hacker to provide more data samples while PLN conducts digital forensics and makes a statement," he said, according to Antara.
Pratama's team at CISSReC team tried contacting the hacker via Telegram, but didn't get any response yet.
The hacker may have refrained from providing him with more than what's needed.
If it is proven true, continued Pratama, PLN must learn from various hacking cases that have happened to many other Indonesian government institutions and companies before this.
He said that an increase in security awareness is crucial, and that government entities and companies on the internet need to strengthen their system.
The problem is that at this time, Indonesia has a relatively low awareness in cybersecurity.
This is the main reason why many government entities, as well as Indonesian tech companies were hacked, and that no lawsuit has been filed.
"In the country, efforts to fix this issue exists, for examplem with the formation of a CSIRT (Computer Security Incident Response Team). This CSIRT works with the BSSN (National Cyber and Crypto Agency, an Indonesia's primary signal intelligence agency) when a hack occurs," he said.
Read: Hacker Has Leaked Indonesian 'BPJS' Social Security Data, Said The Government













































































































































































































































































































































































