Millions of Family Card (Kartu Keluarga) & Student Data Records Being Sold Online

Share Article

ITSEC Uncovers Significant Indonesian Family Card Data Theft

Cybersecurity firm ITSEC today reported that they had discovered evidence of large scale data theft consisting of millions of student records and Indonesian Family Card (Kartu Keluarga) data. This is a previously unknown data breach and the leaked data records are being sold on a number of underground marketplaces to anyone with enough cryptocurrency to pay for them.

The data contains a trove of millions personally identifiable information about its subjects, including full names, addresses, identity card numbers, dates of birth, full details of their family members and the details commonly found in Kartu Keluarga records. The perpetrators who acquired this data and made it available for sale illegally on an underground criminal market stated that this data comes from “an Indonesian ‘biodata’ database from the Ministry of Education & Culture”, but ITSEC has not been able to confirm that biometric data is included in the sale or that the data belongs to the Ministry of Education and Culture’s original database.

We spoke to ITSEC Investigator Junior Lazuardi and asked him where he thought the data came from, he told us “We cannot say for certain exactly where this database was stolen from, it is always hard to attribute stolen data found in the wild to its original source, but this data probably came from someone with access to the data rather than somebody hacking into the system”.

We also spoke to ITSEC founder and CTO Marek Bialoglowy for his view on the matter, he told us “We are deeply concerned about this data theft because typically this kind of data is used to commit fraud against the data subjects, criminals open bank accounts, apply for loans and even commit voter fraud. This crime hurts real people”.

ITSEC Group Chairman Patrick Dannacher said today “I am very proud of the talented investigators on our threat hunting team, they managed to discover and analyze a major data theft which could have impacted millions of Indonesian citizens. By working with law enforcement to bring the cybercriminals behind this to justice they are helping to underwrite the rule of cyber law in Indonesia and we can all sleep a little bit safer at night because of that.”

ITSEC’s investigators are currently working to ensure that the stolen data is removed from sale.

ITSEC is one of Asia Pacific’s largest cybersecurity firms delivering cybersecurity services in 17 countries across the APAC region. They are a CREST, AiSP member organization and hold the ISO 27001 and ISO 9001 certifications. ITSEC supplies its customers with a wide range of cybersecurity services ranging from penetration testing, incident response, forensic investigation, managed security services and compliance audits amongst others. Their team of cybersecurity professionals and consultants have been fully accredited by the CISSP, CISA, CSXP, CISM, OSCP, CEH, OSCE, GSEC, GPEN, GCIA & GCIH certification programs.

For more information about ITSEC please visit their website at

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Marek Biagolowy
Visit website