About Us
Information
Article ETHIS
Not Just a Bluff, LockBit Spreads BSI Customer Data
Published on 16 May 2023
Admin Relations
Not Just a Bluff, LockBit Spreads BSI Customer Data
All services of PT Bank Syariah Indonesia (BSI) are known to have experienced disruptions from May 8 to 11, 2023. BSI had argued that the disruption to the system was because BSI was conducting maintenance on its system. After several days, the service did not improve, finally SOE Minister Erick Thohir admitted that there was a cyber attack on the BSI system.
It was later discovered that the group responsible for this cyberattack was the LockBit 3.0 ransomeware hacking group. They stated that they had carried out an attack on the BSI service system and stolen 1.5 terabytes (TB) of customer data resulting in system disruption.
Previously, a hacker group called LockBit had asked BSI to contact them within 72 hours to resolve the problem. This LockBit hacker group threatened to spread the data, this threat is not just a bluff. Reportedly they have now spread BSI data on the dark web. The Fusion Intelligence Center account @darktracer_int revealed, "The negotiation period has ended, and the LockBit ransomeware group has finally published all the data stolen from Bank Syariah Indonesia on the dark web."
LockBit also provided a note addressed to BSI customers who were victims of the hack.
1. Very Important, stop using BSI. These people have no idea how to protect your money and personal information from criminals. They can't even get their site up in a week. The best these petty criminals can do is lie to their clients' faces, delete comments on Twitter, and grow a belly.
2. Ask your family and friends to stop using BSI. This is an equally important point because our warnings about the irresponsibility of this bank will not reach all BSI customers.
3. BSI must compensate you for the trouble you have caused. If you find a single line about yourself (you will) - go to court, file a class action lawsuit against BSI. They are violating data privacy laws by leaking information and making you wait and worry while the "technical work" is going on, when they can pay us and it will work the same day.
To date, BSI has stated that customer data and funds remain safe so there is no need to worry about the confidentiality of customer data and loss of funds. However, BSI still urges customers to do things like change passwords and also enable 2 Factor Authentication on mobile banking applications when logging in to reduce the vulnerability of data breaches.
PT. ETHIS FINTEK INDONESIA
Rukan Puri Mansion block B no. 7 Outer Ring West Kembangan Street, RT.2/RW.1, South Kembangan, Kembangan District, Special Capital Region of Jakarta 11610
Customer Service: support@ethis.co.id
Operational Hours: 09.00 - 18.00 WIB
Licensed & Supervised By
Part Of:
Tersertifikasi:
Protected By:
Notes:
1. Tech-based Islamic Financing service (P2P Financing) is a civil agreement between Funder and Beneficiary, in which all risks are charged to all parties.
2. Payment failure is charged to the Funder, except for fraud case and mismanagement. Beneficiaries are imposed if fraud and mismanagement happens as in Risk Sharing terms based on Islamic Principles. There is no national institution or authority that is responsible to financing risk or payment failure or compensating on any parties including loss, failures, fees or consequences after.
3. The platform with agreement from all respective users (funders and/or beneficiaries) accesses, gains, stores, manages and/or uses users’ personal data (Data Utilization) on or in the objects, electronic devices (including smartphones or cellular phones), hardwares or softwares, electronic documents, applications or electronic systems belong to Users or managed by Users, upon the information of aims, limitations and mechanism of Data Utilization to the Users before the approvals.
4. Funders with limited knowledge on this financing are suggested not to use this service.
5. Beneficiaries are obliged to consider return rates/margin/service fee and other fees according to the ability to repay the financing.
6. Each fraud is recorded electronically in cyberspace and easily recognized by public through social media.
7. Users should read and understand this information before deciding to be a Funder or Beneficiary.
8. Government as in this case is Otoritas Jasa Keuangan (OJK) / Financial Services Authority is not responsible for violation or disobedience of users, Funder and Beneficiary (intentionally or unintentionally) against terms and conditions or agreement or attachment between the platform and Funder and/or Beneficiary.
9. Each transaction and financing activities, funding, financing or enforcement agreement regarding financing between or involves the Platform, Funder, Field Partner and/or Beneficiary should happen through escrow account and virtual account as stated in OJK regulation No. 77/POJK.01/2016 about Tech-Based Financing Services.
