Indonesia’s Nuclear Energy Regulatory Agency (BAPETEN), the primary governmental body responsible for overseeing the use of nuclear energy and ensuring radioactive material safety across the nation, has allegedly suffered a major data breach. Highly sensitive information, purportedly belonging to the agency, has been exposed and circulated online, raising significant concerns given BAPETEN’s critical role in national security and public safety.
The scale of the alleged breach appears extensive. The exposed data reportedly includes:
- Detailed action logs
- Information concerning nuclear materials
- Various application data, including submissions related to ports, internal messages, projects, nuclear reactors, and radioactive sources
- Data from dosage and radiation measuring equipment
- Extensive user and personnel records, allegedly containing names, National Identity Card (KTP) numbers, phone numbers, email addresses, physical addresses, usernames, and hashed passwords
- Document management system files, including document categories, inspection reports (MIR documents), and other supporting documents
- Invoice and billing details
- Survey data collected by the agency
- Operational support system (OSS) tokens
- User data related to permit access
- A variety of other internal system data pertaining to inspections, material classifications, and operational tasks.
This compromised information was allegedly made available for download via an online posting. The nature of the data, particularly from an institution integral to managing nuclear safety and sensitive materials, poses substantial risks. These could range from identity theft and targeted attacks against individuals to potential exploitation of operational vulnerabilities, highlighting the urgent need to address the implications of this alleged security incident.
