Police arrest syndicate issuing illegal SIM cards using personal data

Surabaya (ANTARA) - The East Java Regional Police’s Cyber Crimes Directorate has arrested a syndicate issuing illegal subscriber identity module (SIM) cards that used other people’s personal data for selling one-time password (OTP) codes for various digital applications.

“Data has become a highly valuable strategic asset. The development of communication technology not only changes the way humans interact but also shapes patterns of social, economic, and security life,” said the Head of Public Relations for the East Java Regional Police, Commissioner Jules Abraham Abast, during a press conference at the East Java Police Headquarters in Surabaya on Tuesday.

Jules stated that the threat of personal data misuse can cause widespread harm to society, both psychologically and materially.

“Protecting personal data is not just a technological issue, but also concerns the basic rights of citizens to safety and privacy protection,” he said.

The Director of Cyber Crimes for the East Java Regional Police, Senior Commissioner Bimo Ariyanto, said the case was uncovered after investigators detected suspicious activity from the FastSim website selling cheap OTP services.

“Around April, the Cyber Directorate sniffed out a website called FastSim selling SIM cards at very low prices,” Bimo said.

Investigators then arrested three suspects with initials DBS, IGVS, and MA in Bali and South Kalimantan.

DBS is known to have created the FastSim website and managed the modem pool to produce and sell OTP codes using SIM cards registered with other people’s data.

IGVS acted as admin and customer service, controlling the website and OTP service stock, while MA was responsible for registering SIM cards using other people’s identities.

In uncovering the case, police seized 33 modem pools, 11 laptops, eight boxes of SIM cards, three monitors, two PCs, two mini PCs, and 25,400 SIM cards suspected of being registered using public personal data.

Bimo explained that the perpetrators had been running the OTP sales business since September 2025 to access various digital applications such as WhatsApp, Instagram, Telegram, and Shopee.

“Suspect DBS has been creating OTP codes for several applications including WhatsApp, Instagram, Telegram, Shopee, and other social media since September 2025,” he said.

According to him, buyers do not receive physical SIM cards because after payment via the FastSim website, customers immediately receive OTP codes for digital account activation.

“When they buy through FastSim, they are then given OTP codes and can directly access social media, for example WhatsApp and so on, without receiving a physical SIM card,” he said.

OTP codes were sold from Rp500 to Rp8,000 per code, with the syndicate’s total profits estimated at Rp1.2 billion since December 2025.

The East Java Regional Police suspect the service was used to support various cybercrimes such as online fraud, phishing, money laundering, illegal online loans, SIM swapping, and creating fake accounts.

“We strongly suspect these are SIM cards used by scammers and other cyber criminals,” Bimo said.

Investigators are also probing the origin of the personal data used for SIM registration and suspected involvement of mobile operator personnel.

“Personal data was taken from an application called script. We are still investigating who entered the personal data into that application,” he said.

For their actions, the suspects are charged under Article 51 paragraph (1) in conjunction with Article 35 of Law Number 11 of 2008 on Electronic Information and Transactions as amended by Law Number 1 of 2024 on ITE.

“They face a maximum penalty of 12 years in prison and fines up to Rp12 billion,” Bimo said.