Indonesian Furniture Giant Wisanka Hit by Massive 27GB Data Breach on Dark Web

A prominent Indonesian furniture manufacturer just had its entire operational blueprint stolen. Wisanka Indonesia, officially known as PT. Wirasindo Santakarya is allegedly facing a serious data breach that exposes decades of business intelligence. For $1,500, anybody can purchase the data that was stolen from Wisanka on darknet websites.

Additionally, Wisanka is not just a small workshop; they have been operating in Indonesia’s wood industry since 1993 and are an important part of it. They have multiple factories in Central and West Java where they manufacture and export wood, synthetic, and natural furniture to customers worldwide (e.g., hotels, villas, restaurants, and wholesalers). They are also a company that possesses key certifications (SVLK, FSC) and additionally appears to ship several containers of furniture every month.

What the Bad Actors are Monetizing

The threat actor posted the data on a dark web forum and referred to it as “Fully Internal/Operational.” The “fully internal operational” data contained detailed information about Wisanka’s supply chain, predication processes, and proprietary designs (for example, styling and dimensions) of furniture made by Wisanka.

The actor specifically pitched the data as useful for competitors or industry researchers. That’s a chilling prospect for Wisanka. Their entire competitive advantage could be up for grabs.

The stolen files paint a complete picture of Wisanka’s operations. Technical product designs include detailed PDFs of furniture from their BATIK and VEDIC series. These entailed dining tables, beds, cabinets, chairs, as well as TV stands. The actor claims these designs are detailed enough for direct reproduction.

Financial and export documents from 2019 to 2020 are included in the leak. These files contain invoices and packing lists showing transactions with Japanese customers. Specific clients mentioned include companies in Coriage, Osaka, Nagoya, and crew. The documents reveal prices and order volumes, giving competitors direct access to Wisanka’s pricing strategies.

Certification reports from 2023 are also compromised. SVLK reports, which verify legal wood certification, appear in the dataset along with wooden panel lists and tally sheets. These documents also include raw material purchases for items like papan (planks) and log bulat (round logs).

Supply chain data extends up to 2024. Internal wood purchase files, sawmill invoices, and nota angkutan (transport notes) expose Wisanka’s entire procurement network. This information reveals who they buy from, how much they pay, and how they move materials.

A Goldmine for Competitors

The forum post shows screenshots of actual company documents. One image displays a table with Wisanka’s company information, including their full legal name, PT. WIRASINDO SANTAKARYA and their address in Kawasan Industri SIMAS, Kaliwungu, Kendal, Semarang, Kalijambe, Sragen, Central Java.

In addition to the government forestry document mentioned above, there is a second screenshot of what appears to be a government forestry document entitled “LAPORAN MUTASI HASIL HUTAN OLAHAN KAYU (LMHHOK).

This document, dated August 2023, lists provinces such as JAWA TENGAH being listed as well as locations like SUKOHARJO, with Wisanka Kalijambe being identified. The compromise of such official paperwork echoes a broader trend of sensitive government documents being exposed, similar to the recent leak of Bangladeshi passports and IDs through a fake portal. The presence of these official government documents illustrates both the broad scope and level of severity associated with the breach of information.

The threat actor is asking for $1,500 USD for the complete dataset. That’s remarkably cheap for what amounts to a company’s entire operational blueprint. For that price, competitors could access years of proprietary designs, understand Wisanka’s pricing models, identify their suppliers, and potentially poach their customers.

The Fallout for Indonesian Industry

This breach represents more than just stolen files. It’s a complete exposure of a mid-sized manufacturer’s business intelligence. “The data is fully internal and operational, including proprietary designs, old financial information, and wood supply chain details,” the threat actor explained in their post. “Useful for those working in the furniture industry, competitors, or interested in Indonesian supply chain information.” This attack follows a concerning pattern of threat actors targeting manufacturing firms in developing economies, as seen in the recent breach of a Pakistani manufacturer, where hackers sold not just data, but direct VPN and admin access to the company’s network.

For Wisanka, the damage could be substantial. Competitors can now reproduce their furniture designs without investing in research and development. They can undercut Wisanka’s prices to Japanese customers because they know exactly what Wisanka charges. They can even approach Wisanka’s suppliers directly.