Bjorka, the hacker who previously made headlines in Indonesia during 2022 and 2023, has resurfaced, now using an X account to warn that several major Indonesian private and state-owned banks are potential targets of ransomware attacks, Indonesia Business Post reported. The institutions mentioned include BCA, BNI, BSI, Bank Mandiri and the Central Bank (BI).

Ransomware is malicious software designed to encrypt data on networked or individual devices, effectively locking users out until a ransom is paid.

Last week, an X account under the name @bjorkanesiaaa claimed that BCA faced an imminent data breach unless immediate action was taken. The following day, Bjorka reinforced the warning, stating that if security concerns were dismissed as misinformation, the consequences would soon be evident.

The hacker alleged that the ransomware group had obtained access to 890,000 customer records and 4.9mn databases from BCA, while also claiming access to BSI data. However, no specific hacker group was identified. A screenshot shared by Bjorka appeared to show an account named ‘Sky Wave’ selling what was purported to be BCA customer data on the dark web.

In response, BCA’s Executive Vice President of Corporate Communication and Social Responsibility, Hera F. Haryn, assured that customer data remained secure. She urged customers to remain vigilant against scams exploiting the bank’s name to obtain sensitive financial information. To mitigate potential threats, customers were advised to safeguard credentials such as IDs, passwords, OTPs, and PINs while regularly updating them. BCA also reaffirmed its commitment to strengthening security through a multi-layered defence system.

Bjorka has been linked to multiple high-profile data breaches, including leaks involving Indihome, state-owned enterprises like PLN and Jasa Marga, and telecommunications operators such as Telkomsel, Indosat, Tri, XL and Smartfren. The hacker has also claimed responsibility for exposing confidential information from government agencies, including the General Elections Commission (KPU) and secret documents related to President Joko Widodo.

The leaked data, some of which reportedly spans from 2017 to 2020, is suspected to have been traded on hacking forums. Bjorka previously disclosed 2mn samples of stolen information, further fueling concerns over Indonesia’s cybersecurity vulnerabilities.

In September 2024, Indonesia's Finance Minister, Sri Mulyani Indrawati, directed the tax authority to conduct an internal investigation following reports of a major data breach affecting around 6mn taxpayers, including President Joko Widodo and other high-ranking officials, BNO reported. The compromised data is allegedly being offered for sale on the dark web by a hacker known as Bjorka, with a price tag of $10,000.