BCA Assures Customer Data Is Safe, Denies Breach Rumours on Social Media

JAKARTA — PT Bank Central Asia Tbk (BCA) has said that customer data remains secure and has rejected widespread claims of a data breach circulating on social media. The group said an internal investigation found no match between data circulating online and its database.

Hera F. Haryn, Executive Vice President of Corporate Communications and Social Responsibility at BCA, said the bank had conducted a thorough tracing of the breach claims. The results show that no customer data was leaked from the company’s systems.

‘We have conducted a thorough investigation and have confirmed that there is no data breach from BCA’s systems,’ Hera said when contacted by Kompas.com on Thursday (21 May 2026).

She stressed that BCA continues to strengthen its data-protection measures by applying layered security standards and risk mitigation to safeguard customers’ digital transactions.

Therefore, Hera urged customers not to panic about information that has not been verified.

‘We can confirm that the information is not true. We assure that customer data remains safe,’ she said.

Customers are advised not to share confidential data such as BCA ID, password, One Time Password (OTP), or Personal Identification Number (PIN) with anyone.

In addition, customers are advised to regularly change their PIN and password to enhance account security.

The data-breach issue arose after the X social media account @DailyDarkWeb posted a screenshot of a forum showing samples of data claimed to belong to BCA customers.

In the post, it was stated that a dataset titled ‘BCA Mobile Bank Access & Database’ was being offered and claimed to target banking customers in Indonesia.

Nevertheless, the @DailyDarkWeb account also stated that the claims could not be proven and remained speculative.

‘At this time, the claims should be treated as alleged until independently verified,’ the account wrote.