The LockBit ransomware group has released 1.5 terabytes of personal and financial data stolen from Bank Syariah Indonesia (BSI) after failed ransom negotiations. The group claims to have obtained records containing the personal and financial information of approximately 15 million BSI customers and employees. BSI, the country's largest Islamic bank, was formed in 2021 through the merger of three nationalized banks and serves nearly 18 million customers through over 1,100 branches.
Following the cyberattack, Bank Indonesia, the central bank of Indonesia, announced that BSI had successfully restored its real-time gross settlement, national clearing system, and Bank Indonesia Fast Payment services under its supervision. BSI President and CEO Hery Gunardi confirmed that ATMs and bank branch services were operational again and mentioned ongoing efforts to rebuild core banking and critical channels. Gunardi stated that the disruptions, which began on May 8, were a result of risk mitigation and maintenance activities in the bank's IT system, during which signs of a cyberattack were discovered. Consequently, several channels were temporarily shut down to ensure system security.
In response, LockBit accused BSI of dishonesty, alleging that the bank misled its customers and partners by attributing the disruptions to technical work. The ransomware group disclosed screenshots of their conversations with bank representatives from May 8 to May 13, indicating that BSI had initially considered paying $10 million to recover the stolen data. However, LockBit demanded $20 million and subsequently ceased communication.
Indonesian Vice President Ma'ruf Amin expressed concerns about the incident, describing it as a negative experience for the public. He urged BSI to enhance its technological infrastructure to prevent future cyberattacks.
We would like to suggest below link if you are more concern about your enterprises cyber security threat