A threat actor has claimed responsibility for a significant data breach targeting SICANTIK (Sistem Informasi Pencatatan Kehadiran dan Kinerja), a cloud-based licensing and attendance management system widely used by Indonesian government agencies.
The leaked database, advertised on a dark web forum, reportedly contains 14,097 user records, 14,806 applicant profiles, and sensitive details of 95 employees, including identity numbers, email addresses, account statuses, and administrative roles.

This incident underscores persistent cybersecurity vulnerabilities in Indonesia’s public-sector digital infrastructure, mirroring systemic risks highlighted in recent attacks on critical systems like the Temporary National Data Centre.
Background: SICANTIK’s Role in Government Digitization
Developed to streamline business licensing and employee management, SICANTIK serves as a centralized platform for over 300 Indonesian agencies, enabling digital workflows for permits, attendance tracking, and performance reporting.
Despite its integration into critical administrative processes, the system has faced scrutiny for technical limitations, including fragmented data governance and insufficient encryption protocols.
The alleged breach follows a February 2025 CYFIRMA advisory warning of vulnerabilities in SICANTIK’s cloud architecture, which researchers linked to unpatched API endpoints and weak access controls.
Breach Mechanics and Immediate Risks
The threat actor, operating under the alias “monthreat,” disclosed samples of the stolen data, revealing personally identifiable information (PII) such as national identity numbers (Nomor Induk Kependudukan)—a prime target for identity theft and financial fraud.
Cybersecurity analysts speculate that attackers exploited misconfigured cloud storage buckets or leveraged phishing campaigns to gain initial access, a tactic observed in the 2023 Bank Syariah Indonesia breach that exposed 1.5 TB of customer data.
With PII now circulating on illicit markets, affected individuals face heightened risks of credential-stuffing attacks, SIM-swapping, and targeted ransomware schemes.
Systemic Vulnerabilities and Precedent Incidents
This breach aligns with a pattern of cyberattacks plaguing Indonesian institutions.
In June 2024, the LockBit ransomware group crippled the Temporary National Data Centre, encrypting critical datasets and disrupting immigration services for weeks.
Earlier, hacker “Bjorka” leaked 1.3 billion SIM card registration records in 2022, exposing systemic gaps in data protection frameworks.
Such incidents have amplified calls for accountability, culminating in the resignation of Semuel Abrijani Pangerapan, Indonesia’s Director General of Informatics, following public outrage over inadequate breach response protocols.
Government Response and Regulatory Challenges
Despite enacting its first data protection law in 2022, Indonesia struggles to enforce compliance across its sprawling bureaucracy.
The Communications Ministry, which oversees SICANTIK, has yet to confirm the breach’s scope but announced an audit of cloud security configurations.
Experts like Beltsazar Krisetya of the Centre for Strategic and International Studies argue that underfunded cybersecurity initiatives and reliance on legacy systems leave agencies exposed to advanced persistent threats (APTs).
Recommendations and Path Forward
Fortinet researchers advocate for zero-trust architectures and multi-factor authentication (MFA) to mitigate unauthorized access.
Meanwhile, integrating SICANTIK with Indonesia’s National Cyber and Crypto Agency (BSSN) monitoring tools could enhance threat detection.
For citizens, vigilance against phishing attempts and regular password updates remain critical.
This breach highlights the urgent need for Indonesia to prioritize cybersecurity modernization, particularly as it pursues ambitious digital transformation goals.
Without robust investments in encryption, workforce training, and third-party risk management, the nation’s public sector systems will remain vulnerable to escalating cyber threats.