A threat actor has allegedly put a sensitive database belonging to the Karunia Group up for sale on a dark web forum. The victim, Karunia Group, is a prominent mining company based in Indonesia. According to the post made on a hacking forum, the data was exfiltrated in July 2025 and contains a vast trove of personal and recruitment documents pertaining to applicants. The seller has listed the data for approximately $700, payable in Bitcoin ( BTC).
The data, presented in SQL, PDF, JPG, and DOCX formats, appears to be a complete export from the company’s internal Human Resources (HR) web platform. The threat actor claims the dump is ideal for malicious activities such as identity fraud, KYC (Know Your Customer) abuse, and targeted phishing campaigns. The sheer breadth of the allegedly leaked personal identifiable information (PII) poses a significant risk to the individuals whose data has been compromised.
The seller provided a detailed list of the information contained within the breached database, which allegedly includes:
- Full applicant database from the internal HR system
- Full names, national ID numbers (KTP), and family card numbers (KK)
- Scans of driver’s licenses (SIM), tax ID numbers (NPWP), diplomas, police clearance certificates (SKCK), and final exam results
- Health and employment insurance numbers (BPJS)
- Personal details including birthplace, date of birth, religion, and marital status
- Phone numbers and email addresses
- Complete home and domicile addresses
- Emergency contact information
- Resumes (CVs), application forms, and full recruitment history
- Internal metadata such as applicant and candidate IDs
