A hacker forum user was found offering the details of Bank Central Asia account holders. However, a Bank Central Asia Data spokesperson told The Cyber Express that the data on the hacker forums do not match their data set.
Bank Central Asia (BCA) is one of the largest private banks in Indonesia with an asset of Rp 1.29,83 trillion as of 2022. BCA is also called PT Bank Central Asia Tbk.
Bank Central Asia data breach: Strong claims
Threat intelligence service Falcon Feeds tweeted the below screenshot, suggesting that Bank Central Asia data breach might have happened.
“Today, I’m providing access to any BCA Bank account. Just give me Account ID (Account number? The numeric only one) and the Person Full Name,” the user going by the name ‘Verified Gangsta’ wrote on the hacker forum.
The hacker forum user further added, “Starting from $500 (price may depend on how famous this person are or how many balance they have,” likely suggesting that they will offer $500 as a reward to anyone approaching them with login credentials.
The user also stated that the method employed by them for gaining further sensitive information from the BCA Bank included hidden software and insider threats.
The information-stealing software or the insider would offer the asked information depending upon the requests made to them.
In a previous tweet made by Falcon Feeds, it was clarified that the user on the hacker forum was claiming to sell credit card databases from the Bank Central Asia data breach.
The above screenshot of the hacker forum made on July 32, 2023 claimed that the date of the data leak was 22 July 2023.
The post claiming the Bank Central Asia data Breach read that the user was in possession of 6.422.137 data records as shown in the screenshot above.
The user also posted screenshots of the sample data exfiltrated after the Bank Central Asia data breach.
The hacker claimed that the samples contained addresses of account holders, emails, and phone numbers among other details allegedly obtained after the Bank Central Asia data breach.
Hacker Forum post claiming to have data from the BCA Bank (Photo: ThreatMon/ Twitter)Another Cyber Threat Intelligence platform ThreatMon posted the above screenshot that stated the hacker forum user claimed to have possession of the following data from the alleged Bank Central Asia data breach.
- Ticket ID
- Residence address
- Phone number 1
- Phone number 2
- Phone number 3
- Date of applying
- Area code
- Office location
After making the above claims, the hacker forum user claimed not selling any confidential ID and placed their contact URL for buyers to get in touch with them.
Bank Central Asia data breach: Officially denied
The website was accessible at the time of writing after the alleged Bank Central Asia data breach . The Cyber Express emailed the BCA bank seeking confirmation about the claims and impacted systems. This is what they wrote back to The Cyber Express –
BCA always safeguards data by implementing a layered strategy and security standards,” the BCA Bank spokesperson wrote.
“We would like to inform you that in connection with the information circulating which is claimed to be credit card data from BCA, we have checked, and the data which is claimed to be circulating is different from the data owned by BCA.”
The BCA Bank spokesperson urged its users via The Cyber Express to protect their confidential data and to check for official communications from the bank alone.
To share their official contact details, they wrote, “Please kindly note that Halo BCA phone number is only 1500888 without additional prefix number or character and our WhatsApp number is 08111500998 with green tick verification.”
PT Bank Central Asia recently announced that it recorded a net profit of Rp24.2 trillion in the first half of 2023. The President Director of BCA, Jajha Setiaatmadja addressed the major achievement during the bank’s public expose on July 24.