Indonesia’s cybersecurity landscape is once again stirred by a data breach claim targeting sensitive information of prospective state civil servants. A hacker using the pseudonym DigitalGhost claims to have successfully leaked data belonging to 700,000 individuals who are participants in the Civil Servant Candidate Selection (CPNS) process at one of the ministries.
This claim was first announced via the social media account X (formerly Twitter) with the handle @H4ckmanac.
Sensitive Data at Risk
The data claimed to have been stolen by DigitalGhost is highly specific and sensitive because it is directly related to the identity of the participants and the history of the state recruitment process. According to the post, the leaked information allegedly includes:
- NIK (National Identity Number)
- Selection participant number
- Full name
- Exam session date and location
- Applied job position
- Assigned department
Potential Danger to Victims
A data breach encompassing NIK and full names is highly susceptible to misuse for various criminal acts, ranging from fraud (phishing), creation of illegal online loan accounts, to scams impersonating government institutions. Moreover, this data also contains details of the CPNS selection process, making it an easy target for cybercriminals.
As of now, there has been no official confirmation or statement from the ministry concerned regarding this breach claim. Authorities are expected to immediately conduct a digital forensic audit to verify the authenticity of DigitalGhost’s claims and take mitigation steps to protect the privacy rights of hundreds of thousands of prospective civil servants whose data is at risk.
