FB Pixel no scriptIndonesian fintech Cermati reports data breach, 2.9 million users affected | KrASIA

Indonesian fintech Cermati reports data breach, 2.9 million users affected

Written by Ursula Florene Published on   2 mins read

Data stolen from the site, which includes sensitive information such as tax registration and national ID numbers, is now being sold online.

Indonesian fintech aggregator platform Cermati reportedly had 2.9 million of its users data leaked and sold in a hacker forum. This is the latest case of data breach plaguing Indonesian startups.

The issue was first raised by cybersecurity consultant and founder of Ethical Hacker Indonesia Teguh Aprianto on Twitter. According to him, leaked data includes users’ full names, e-mails, addresses, phone numbers, bank accounts, occupations, taxpayer registration numbers (NPWP), national ID numbers, and more. Aprianto added that the data was sold for USD 2,200 in hacker forums.

Cermati allows loan and credit card application from its platform, which makes the data breach more concerning. Screenshot from Cermati.com.

Besides providing financial product comparisons, Cermati also facilitates loan and credit card applications and bill payments from its platform, which has led to a variety of personal information being stored in its database.

Cermati didn’t immediately respond to KrASIA’s request for comment.

However, the company sent an e-mail blast to users on October 31. It didn’t address the data breach issue, but warned that there was an unauthorized access into the company’s platform, which stores users data. The e-mail stated that Cermati had taken countermeasures to improve its security system, such as contacting the National Cyber and Encryption Agency (BSSN) for investigation and consulting external cybersecurity experts for system upgrades.

The e-mail also encouraged users to renew their password and activate the two-factor authentication (2FA) feature to block unauthorized access.

Indonesian startups have been known to face difficulties in battling data hacks. In May, Indonesian e-commerce unicorn Tokopedia allegedly had 15 million of its users’ data published on a hacker site called “Raid Forum”. Other platforms that have had problems with scammers are travel tech provider Tiket and O2O platform Kudo (now GrabKios by Kudo).


Auto loading next article...