A threat actor claims to have breached and is selling data from PT Surveyor Indonesia, a state-owned enterprise that provides surveying, inspection, certification, and consulting services. The company, founded in 1991, provides independent assurance services across various sectors.
The actor posted the alleged data breach on a dark web forum, claiming to have exported 50,211 records from the company’s systems.
According to the actor, the compromised data includes a wide range of client and corporate information. The database headers listed in the breach notification suggest the following types of information were exposed:
- Full names and display names
- Company addresses and location details (province, city, sub-district)
- Postal codes
- Telephone and fax numbers
- Email addresses
- Websites
- Client status and type
- Taxpayer identification numbers (NPWP)
- Internal identifiers (pic_id, user_id, client_id, etc.)
- Creation and update timestamps
