Dark Web News Analysis
A threat actor on a monitored hacker forum is advertising the sale of a database purportedly belonging to Bank Mandiri, one of Indonesia’s largest state-owned banks. The dataset contains approximately 3 million records in CSV format.
Brinztech Analysis:
- The Target: Bank Mandiri holds a massive share of Indonesia’s corporate and retail banking market. A breach here is a systemic risk event for the national financial infrastructure.
- The Data: The leak is described as highly detailed, containing:
  - Financial Intelligence: Deposit Details (Balances/History), Account Types, and SWIFT Codes.
  - Identity & Contact: Full Names, Email Addresses, and Phone Numbers.
- The Timeline: The raw intelligence flagged the “2025” date as unusual. However, given today’s date (December 11, 2025), this indicates a fresh, active breach. The threat actor is likely selling “zero-day” data exfiltrated very recently.
Key Cybersecurity Insights
This alleged data breach presents specific, high-severity risks to Indonesian banking customers:
- “Nasabah Prioritas” (Priority Banking) Scams: The most critical risk comes from the exposure of Deposit Details. Scammers can filter the list to find high-net-worth individuals (Mandiri Prioritas).
  - Scenario: A victim receives a call from a “Mandiri Private Banker” offering an exclusive 8% interest bond. The caller knows the victim’s exact deposit balance, establishing immediate trust.
- Android APK Fraud (The “Undangan” Scam): In Indonesia, attackers weaponize leaked phone numbers to send malicious Android Package Kits (APKs) via WhatsApp.
  - Scenario: “Here is your digital wedding invitation.” When the victim installs the APK, it acts as a RAT (Remote Access Trojan), stealing mobile banking OTPs. Three million fresh numbers provide massive fuel for these campaigns.
- SWIFT/International Wire Fraud: The inclusion of SWIFT Codes suggests the data might include corporate or expat accounts used for international transfers. Attackers could launch Business Email Compromise (BEC) attacks against companies, sending fake invoices that mirror legitimate international vendor payments.
Mitigation Strategies
In response to this claim, Bank Mandiri and its customers (Nasabah) must act immediately:
- Official WhatsApp Check: Customers should be reminded: Bank Mandiri only contacts you via their verified WhatsApp account (Green Tick). Any message from a personal number claiming to be a bank officer is a scam.
- Biometric Hardening: Users should enable fingerprint/FaceID login for Livin’ by Mandiri and disable SMS OTPs where possible to mitigate SIM swapping.
- Data Verification: Bank Mandiri’s CISO team needs to analyze the sample data to determine if this is a breach of the core banking system (CBS) or, more likely, a third-party marketing vendor or insurance partner.
- OJK Reporting: If confirmed, this falls under the jurisdiction of the OJK (Financial Services Authority) and the new Personal Data Protection Law (UU PDP). Mandatory notification protocols apply.
Secure Your Business with Brinztech — Global Cybersecurity Solutions Brinztech protects organizations worldwide from evolving cyber threats. Whether you’re a startup or a global enterprise, our expert solutions keep your digital assets safe and your operations running smoothly.
Questions or Feedback? For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com