Cybersecurity researcher and consultant Teguh Aprianto first revealed the cyberattack on Wednesday through his Twitter account @secgron.

Among the leaked data are full names, passport numbers, expiry dates, dates of birth and gender of 34.9 million Indonesian passport holders. The 4-gigabyte-data was offered for US$10,000.

Bjorka also offered 1 million samples of the stolen data in a hacker platform, showing passport data taken between 2009 and 2020. “It looks like the data is valid judging from the given sample,” Teguh wrote.

The Communications and Information Ministry launched an investigation on Wednesday night to verify the reported breach on personal data from 34.9 million Indonesian citizens’ passports.

But the ministry could not confirm there had been “a breach of the massive amount of personal information” as reported, said the ministry’s Applications and Informatics Director General Semuel Abirjani Pangerapan in a statement.

Separately, the ministry’s Information and Public Communication Director General Usman Kansong said there were some differences in the data structure between Bjorka’s breached data with the ones kept in the national data center, as reported by Antara.