Dark Web News Analysis
A threat actor on a known cybercrime forum is advertising the alleged sale of a database belonging to Bank Mandiri (bankmandiri.co.id), the largest bank in Indonesia in terms of assets, loans, and deposits. The dataset reportedly contains 18,118 records and is marketed as “clean Indonesian fullz.”
Brinztech Analysis:
- The Data: The leak is highly specific. It reportedly includes PII (Names, Phones, Emails) combined with Sensitive Financial Data (SWIFT codes, initial deposits, account fees, penalty records).
- The Claim: The threat actor explicitly claims the data was “directly extracted from bankmandiri.co.id systems,” suggesting a web application vulnerability (like SQL Injection or an insecure API) rather than a third-party vendor breach.
- The “2025” Timestamp: The dataset is marked with “Leak Year: 2025.” In the current threat landscape (November 2025), this indicates fresh, active data exfiltration, making the records highly actionable for criminals.
- Context: Indonesia is currently facing a systemic financial cyber-crisis. Recent reports (May 2025) rank Indonesia among the top 3 global targets for financial cyberattacks. This potential breach of a state-owned giant like Mandiri would be a critical escalation.
Key Cybersecurity Insights
This alleged data breach presents a critical threat to the bank’s customers and infrastructure:
- Extensive Financial & PII Exposure: The combination of SWIFT codes and account setup details (deposits, fees) is rare in standard consumer leaks. It allows attackers to understand the structure of the victim’s account, facilitating highly credible Bank Impersonation Scams (e.g., calling a victim to “refund a penalty fee” they actually incurred).
- “Fullz” Facilitating Sophisticated Fraud: The term “clean Indonesian fullz” implies complete identity profiles. Criminals use “fullz” to bypass security questions, reset PINs, or open fraudulent lines of credit (Pinjol – illegal online loans) in the victim’s name.
- Direct System Compromise Claim: The assertion of “direct extraction” is a serious claim against the bank’s perimeter security. If true, it implies the attacker has established persistence or identified a flaw that could allow for further, larger exfiltration.
- Anomalous Data Freshness: The “Leak Year: 2025” tag confirms the data is current. Fresh data commands a premium on the dark web because the contact details and account statuses are likely still valid.
Mitigation Strategies
In response to this claim, Bank Mandiri and its customers must take immediate action:
- Immediate Threat Validation: The bank must conduct an urgent forensic analysis of its web logs (bankmandiri.co.id) to validate the “direct extraction” claim. Look for anomalous API calls or SQL injection patterns correlated with the data fields listed (e.g., initial_deposit, penalty_fee).
- Enhanced Fraud Detection: Implement heightened monitoring for accounts listed in the sample data. Flag transactions involving international transfers (SWIFT) or unusual changes to contact information.
- Customer Communication: If validated, notify affected customers immediately. Warn them specifically about vishing (voice phishing) calls that may reference their exact account balance or recent fee charges to build trust.
- Strengthen Access Controls: Review all public-facing web applications. Ensure that APIs returning sensitive account data (like SWIFT codes or fees) are strictly authenticated and rate-limited.
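The log review described in the first mitigation step, as an added example (this is illustrative code, not Brinztech's or the bank's tooling): it scans constructed Common Log Format lines for SQL injection patterns in query strings and for one client pulling many account records while asking for the advertised columns. The endpoint shape /api/v1/accounts/<id> and the column names are assumptions, not the bank's real schema.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus, urlsplit

# Constructed sample lines in Common Log Format; not real bank traffic.
SAMPLE_LOGS = """\
203.0.113.5 - - [12/Nov/2025:10:01:03 +0700] "GET /api/v1/accounts/1001?fields=initial_deposit,penalty_fee HTTP/1.1" 200 512
203.0.113.5 - - [12/Nov/2025:10:01:04 +0700] "GET /api/v1/accounts/1002?fields=initial_deposit,penalty_fee HTTP/1.1" 200 510
203.0.113.5 - - [12/Nov/2025:10:01:04 +0700] "GET /api/v1/accounts/1003?fields=initial_deposit,penalty_fee HTTP/1.1" 200 509
203.0.113.5 - - [12/Nov/2025:10:01:05 +0700] "GET /api/v1/accounts/1004?fields=initial_deposit,penalty_fee HTTP/1.1" 200 515
198.51.100.7 - - [12/Nov/2025:10:02:10 +0700] "GET /search?q=mandiri%27%20UNION%20SELECT%20swift_code%2Cinitial_deposit%20FROM%20accounts-- HTTP/1.1" 500 0
198.51.100.7 - - [12/Nov/2025:10:02:12 +0700] "GET /search?q=%27%20OR%201%3D1-- HTTP/1.1" 200 8192
192.0.2.9 - - [12/Nov/2025:10:03:00 +0700] "GET /api/v1/accounts/2001?fields=balance HTTP/1.1" 200 300
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')
ACCOUNT_RE = re.compile(r"^/api/v1/accounts/(?P<acct>\d+)")  # assumed route shape
# Assumed column names, taken from the fields the listing advertises.
LEAKED_FIELDS = {"swift_code", "initial_deposit", "penalty_fee", "account_fee"}
SQLI_PATTERNS = [re.compile(p, re.IGNORECASE) for p in (
    r"union\s+(?:all\s+)?select",            # union-based extraction
    r"'\s*(?:or|and)\s+[^=]+=",              # tautology after a quote break
    r"\b(?:sleep|benchmark|pg_sleep)\s*\(",  # time-based probes
    r"information_schema",                   # schema discovery
)]

def analyze(log_text, enum_threshold=3):
    """Return SQLi hits and per-IP account enumeration over the leaked fields."""
    sqli, accounts, sensitive = [], defaultdict(set), defaultdict(int)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; surface these separately in production
        ip, parts = m["ip"], urlsplit(m["target"])
        query = unquote_plus(parts.query)  # decode before matching, as attackers encode
        if any(p.search(query) for p in SQLI_PATTERNS):
            sqli.append((ip, parts.path, query))
        acct = ACCOUNT_RE.match(parts.path)
        if acct:
            accounts[ip].add(acct["acct"])
            if set(re.split(r"[,=&]", query)) & LEAKED_FIELDS:
                sensitive[ip] += 1
    enumeration = {ip: len(a) for ip, a in accounts.items() if len(a) >= enum_threshold}
    return {"sqli": sqli, "enumeration": enumeration, "sensitive_field_requests": dict(sensitive)}

if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOGS).items():
        print(f"{key}: {value}")
```

Hits from the enumeration check are the ones to correlate with the listing's row count; a single client walking sequential account IDs and requesting exactly the advertised columns is the signature of bulk extraction through an under-protected API.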
Secure Your Business with Brinztech — Global Cybersecurity Solutions Brinztech protects organizations worldwide from evolving cyber threats. Whether you’re a startup or a global enterprise, our expert solutions keep your digital assets safe and your operations running smoothly.
Questions or Feedback? For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com