Kreditplus 2020 Data Breach

Kreditplus 2020 Data Breach: 769,000 Indonesian Finance Customers Exposed

Financial Services / Consumer Finance / Consumer

Kreditplus 2020 Data Breach: 769,000 Indonesian Finance Customers Exposed

Indonesian consumer-financing company.

Confirmed · ObscureIQ Intelligence
Limited DisclosureThis breach is handled differently. Because being connected to it can itself be sensitive, we do not confirm anyone’s presence publicly. Use the private exposure check at the bottom of this page.
Breach Risk Index i
44/100
Lower riskHigher risk
Moderate: notable exposure with meaningful misuse potential.
Data Sensitivity i
Restricted
Being associated with this breach can itself be harmful. Disclosure is limited and presence is not confirmed to unverified parties.
769KRecords
2020Year

The Breach Risk Index (BRI) is a proprietary 0–100 score rating how dangerous a breach is right now, based on how recently the data has been circulating on the dark web and how valuable it is to attackers.

Crucial data exposed
AddressPhysical address
Classification Tags
Cloud MisconfigurationFinancial Services2020

Breach Summary

In June 2020 a Kreditplus breach exposed about 769,000 users; compromised data included email addresses, first and last names, gender, dates of birth, income and family/financial profile information.

Full threat analysis, exploitation vectors, and principal guidance below.

10 additional sections · verified field analysis · defensive doctrine

Querying breach corpus…
Cross-referencing exposed field types…
Resolving threat-actor attribution…
Compiling principal risk advisory…

769K records analyzed

About Kreditplus

Kreditplus is an Indonesian consumer-financing company providing installment lending and related financial products.

Why They Hold Your Data

A consumer-finance company holds customer identity and contact data, dates of birth, gender, income and family/financial details.

Recent Developments

A June 2020 breach of Kreditplus data was leaked and sold on hacker forums, prompting a government inquiry.

Data Points Exposed

15 verified field types
Cost Of Living Data
Date of Birth High
Email Address
Employer
Family Structure
Financial Profile
Full Name
Gender
Mothers Maiden Name High
Phone Number
Physical address High
Places Of Birth
Relationship Status
Religion
Spouse Name

Breach Impact

The leak drew Indonesian regulatory scrutiny of the company's data handling.

Exploitation & Downstream Threats

• Financial fraud using exposed financial profile data | • Identity verification bypass using name + date of birth combination | • SIM swap attacks where phone numbers are present | • Targeted phishing campaigns using exposed email addresses | • Doxxing risk from physical address exposure | • Employment-based social engineering using job and employer data

Principal Risk Advisory

What this means for a principal

A financial-institution breach: account, wealth or payment data supports direct fraud and highly credible financial-impersonation scams. For a high-profile principal this is targeting-grade, not merely identity-theft-grade: the combination lets an adversary locate, impersonate, or pressure the principal with little additional work.

What You Should Do

  1. Treat the home address as exposed: review mail and package handling and physical-security routines, and brief household staff to verify unusual requests.
  2. Guard against SIM-swap and vishing: add a carrier port-out PIN and verify any 'support' calls independently.
  3. Do not use unofficial 'am I affected' lookups; several are themselves harvesting operations.

How ObscureIQ Can Help

  1. Corpus confirmation: determine whether and where the principal (plus household and staff) appear in this dataset and which specific fields are exposed for them.
  2. Exposure mapping and footprint neutralization: cross-reference against broker-available data and suppress still-removable elements, prioritizing address and phone, since this record re-seeds broker networks.
  3. ThreatWatch tuned to this incident's identifiers and misuse pattern (impersonation and targeting patterns, not generic credential monitoring).

Protect Yourself

Protect Yourself: Limited Disclosure

Check If You’re Affected: Verification Required

Because being associated with this breach can itself be harmful, we do not confirm whether anyone appears in it to unverified parties. Verify your identity to privately check whether your own data appears in this breach or related indexes.

We will only reveal whether a specific person appears in this breach to that person.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation