A significant database allegedly belonging to Indonesia’s state-owned electricity company, Perusahaan Listrik Negara (PLN), has been leaked and is being circulated on the dark web. The compromised data purportedly contains sensitive personal information of an undisclosed number of customers. PLN is the sole electricity provider for the archipelagic nation, serving millions of residential and business customers, making it a critical component of Indonesia’s infrastructure. The breach of its customer database could have far-reaching consequences for the privacy and security of a substantial portion of the Indonesian population.
The origin of the leak appears to be a post on a dark web forum, where a user shared a sample of the extensive database. The circulation of such sensitive information on illicit channels raises serious concerns about the potential for identity theft, financial fraud, and targeted phishing campaigns against the affected individuals. This incident highlights the persistent and evolving threats facing critical national infrastructure and the vast repositories of personal data they manage. The alleged breach underscores the importance of robust cybersecurity measures for state-owned enterprises that are entrusted with the personal and confidential information of the public.
The leaked data allegedly includes a wide range of customer information. Based on the samples circulating, the compromised data fields include:
- Customer Names
- Full Addresses
- Email Addresses
- Phone Numbers
- National Identity Card Numbers (Nomor Induk Kependudukan – NIK)
- Electricity Usage Details, including meter numbers and tariff types
- Geographical location data (latitude and longitude)
