Dark Web News Analysis
Dark web sources report a potentially massive data breach involving the Tax Directorate General (likely referring to the Direktorat Jenderal Pajak – DJP in Indonesia, given the specific data fields). A threat actor on a hacker forum claims to possess the “complete” database and has shared a sample file containing 10,000 records to verify the theft.
The compromised dataset allegedly includes highly sensitive administrative and personal data. The leaked fields include National Identification Numbers (NIK), Taxpayer Identification Numbers (NPWP), Full Names, Physical Addresses, Dates of Birth, Contact Details, and Taxpayer Status. The claim of holding the “complete” database suggests the total volume could impact millions of citizens and businesses.
Key Cybersecurity Insights
Breaches of national tax authorities are among the most critical forms of data compromise due to the irrevocable nature of the leaked IDs:
- Identity Theft & Financial Fraud: The combination of NIK (National ID) and NPWP (Tax ID) is the “Gold Standard” for financial identity in the region. Criminals can use this paired data to apply for fraudulent loans, open bank accounts, or bypass “Know Your Customer” (KYC) checks at financial institutions that rely on tax data for verification.
- Targeted Tax Phishing: With access to Taxpayer Status and contact info, attackers can launch highly effective phishing campaigns. Victims may receive emails posing as the Tax Directorate claiming: “Your tax return is overdue. Please pay the fine immediately to avoid legal action.” Because the email contains the victim’s real NPWP and address, it appears legitimate.
- Corporate Espionage: If the “complete” database includes corporate tax records, it could expose sensitive business information, turnover data, and executive contact details, facilitating Business Email Compromise (BEC) attacks against private companies.
- Data Permanence: Unlike a credit card number, a NIK or NPWP cannot be easily changed or cancelled. This means the victims in this database face a lifelong risk of their identity being misused.
Mitigation Strategies
To protect taxpayers and national infrastructure, the following strategies are recommended:
- Credential Stuffing Monitoring: Organizations should monitor for credential stuffing attacks against tax portals. While the leak focuses on PII, attackers often test associated emails against login pages.
- Phishing Awareness: The Tax Directorate should issue an immediate public advisory warning taxpayers that official tax communications never ask for immediate payment via email links.
- Enhanced Identity Verification: Financial institutions and government agencies should implement Multi-Factor Authentication (MFA) and biometric checks for any service that currently relies solely on NIK/NPWP for identity verification.
- Stakeholder Notification: While investigating the validity of the “complete” database claim, the agency must notify the 10,000 individuals in the sample file that their data is definitely compromised.
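One way to implement the credential stuffing monitoring described above, as an added example that is not part of the original post: it flags source IPs that fail logins across many distinct accounts when a large share of those accounts appear in a leak sample. The log format, e-mail addresses, IP addresses and thresholds are constructed assumptions; leaked addresses are held only as SHA-256 digests so the monitoring system does not store the PII itself.

```python
import hashlib
from collections import defaultdict

def digest(email: str) -> str:
    # Normalise before hashing so "Budi@Example.org " matches "budi@example.org".
    return hashlib.sha256(email.strip().lower().encode()).hexdigest()

# Constructed stand-in for digests of e-mail addresses found in a leak sample.
LEAKED = {digest(e) for e in (
    "budi@example.org", "siti@example.org",
    "agus@example.org", "dewi@example.org")}

# Constructed portal login events, hypothetical format: "timestamp ip username result"
SAMPLE_LOG = """\
2025-01-10T08:00:01Z 203.0.113.7 budi@example.org FAIL
2025-01-10T08:00:02Z 203.0.113.7 siti@example.org FAIL
2025-01-10T08:00:03Z 203.0.113.7 agus@example.org FAIL
2025-01-10T08:00:04Z 203.0.113.7 dewi@example.org FAIL
2025-01-10T08:00:05Z 203.0.113.7 rina@example.org FAIL
2025-01-10T08:05:00Z 198.51.100.20 tono@example.org FAIL
2025-01-10T08:05:30Z 198.51.100.20 tono@example.org OK
2025-01-10T09:00:00Z 192.0.2.50 wati@example.org OK
2025-01-10T09:01:00Z 192.0.2.50 joko@example.org OK
2025-01-10T09:02:00Z 192.0.2.50 budi@example.org OK
this line is malformed and must be skipped
"""

def detect(log_text, leaked, min_accounts=3, min_fail_ratio=0.8, min_leak_ratio=0.5):
    """Return one alert per IP that looks like leak-driven credential stuffing."""
    per_ip = defaultdict(lambda: {"users": set(), "fail": 0, "total": 0})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("OK", "FAIL"):
            continue  # ignore lines that do not match the assumed format
        _, ip, user, result = parts
        s = per_ip[ip]
        s["users"].add(user.lower())
        s["total"] += 1
        s["fail"] += result == "FAIL"
    alerts = []
    for ip, s in sorted(per_ip.items()):
        hits = sum(digest(u) in leaked for u in s["users"])
        if (len(s["users"]) >= min_accounts              # many distinct accounts
                and s["fail"] / s["total"] >= min_fail_ratio     # mostly failures
                and hits / len(s["users"]) >= min_leak_ratio):   # overlap with the leak
            alerts.append({"ip": ip, "accounts": len(s["users"]),
                           "leaked_hits": hits, "failures": s["fail"]})
    return alerts
```

The shared-address case (192.0.2.50, several users logging in successfully) and the single user who mistypes a password are not flagged, which is why the failure ratio and the account count are checked together.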
Secure Your Business with Brinztech — Global Cybersecurity Solutions
Brinztech protects organizations worldwide from evolving cyber threats. Whether you’re a startup or a global enterprise, our expert solutions keep your digital assets safe and your operations running smoothly.
Questions or Feedback?
For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com