A significant data breach has allegedly hit PT Bank Perkreditan Rakyat (BPR) Serang, a regional development bank based in Serang, Indonesia. A threat actor has posted a database containing sensitive customer and loan information for sale on a dark web forum. The bank, which operates as a Regional Owned Enterprise (BUMD), plays a crucial role in the local economy by providing financial services, primarily to civil servants and private sector employees in the Banten province.
The breach exposes highly sensitive financial and personal data of the bank’s customers. The actor behind the sale released a sample of the data to prove the authenticity of their claims. The compromised information appears to be recent, with data entries dated as recently as mid-July 2025. This incident raises serious concerns about the security of financial data held by regional institutions and the potential for financial fraud and identity theft targeting the affected individuals.
The leaked database allegedly contains a wide array of personally identifiable information (PII) and financial details. The data fields listed for sale include:
- Full Name (NAMA)
- Address (ALAMAT)
- Phone Number (NO HP)
- National Identity Number (NIK)
- Place of Work (TEMPAT BEKERJA)
- Loan details including amount (PLAFOND), outstanding debt (BAKIDEBET), interest rate (BUNGA), and payment status.
- Loan product details and account officer information.
- Various internal codes such as branch, loan, and customer IDs.
