Indonesia’s national body responsible for new student admissions into state universities, the SNPMB (Seleksi Nasional Penerimaan Mahasiswa Baru), has allegedly become the victim of a significant data breach. A post has appeared on a dark web forum claiming to offer the student database from 2024.
The SNPMB is a critical institution within Indonesia’s education sector, handling the centralized selection process for students entering public higher education institutions. It manages a vast amount of sensitive personal information for high school graduates across the nation.
The alleged breach was announced via a post on an online forum known for trading illicit data. The individual behind the post claimed to possess a database containing sensitive details of students. Screenshots shared as proof allegedly show samples of the data, including:
- Full names
- National Student Identification Numbers (NISN)
- National School Identification Numbers (NPSN)
- National Identity Numbers (NIK)
The sample format also suggests that email addresses might be part of the compromised dataset. The actor accompanied the alleged leak with a message criticizing the Indonesian education system.
If confirmed, this breach represents a serious threat to the privacy and security of thousands, potentially hundreds of thousands, of Indonesian students. The inclusion of NIK numbers is particularly alarming, as these can be exploited for a wide range of fraudulent activities, including identity theft, loan applications, and targeted phishing scams.
