redaksiharian.com – Hackers from the Lockbit group have claimed to have obtained customer data from Bank Syariah Indonesia ( BSI ) and announced that they have distributed the data on the dark web. The Twitter account @darktracer_int made this announcement on Tuesday, May 16, 2023.
“The negotiation period has ended, and the LockBit ransomware group has finally made all the stolen data from Bank Syariah Indonesia public on the dark web,” said the owner of the @darktracer_int account.
In the shared screenshots, various company data can be seen, ranging from regional chief executive officers (RCEO) to corporate secretaries. Additionally, there are internal documents such as retail banking backup data and a database of contractual agreement documents dated April 19, 2022.
Several netizens have raised concerns about BSI ‘s accountability regarding the security of customer data.
In response to the cyberattack, Gunawan A. Hartoyo, Corporate Secretary of BSI , stated that they have coordinated with several institutions, including the National Cyber and Encryption Agency (BSSN), the Financial Services Authority (OJK), and Bank Indonesia.
“The obstacles have been resolved, and customers can resume their financial transactions and necessary payments. We have also conducted an assessment of the attack, implemented recovery measures, audits, and mitigation to prevent future disruptions,” said Gunawan A. Hartoyo.
Furthermore, Gunawan A. Hartoyo urged the public not to easily believe rumors spread by irresponsible parties.
According to him, BSI regularly conducts checks and follows up on the overall security of their systems, while implementing long-term mitigation measures.
“Regarding the attack, BSI hopes that the public will not easily believe circulating information and always double-check the information they receive. We can assure you that customer data and funds are secure,” Gunawan emphasized.
Therefore, he also advised customers not to share their PIN, OTP, or passwords with anyone, including BSI employees, to prevent data misuse.***