Purbaya’s Bold Move: Ethical Hackers Join Coretax Security Team
Purbaya’s Bold Move: Ethical Hackers Join Coretax Security Team
Industry Updates

By Patricia A. Pramono • Studio 1080, Published on November 11, 2025

TABLE OF CONTENTS

SHARE THIS ARTICLE

For some time, Indonesians have questioned the safety of their personal data stored in the government’s online tax platform, Coretax. Reports of data breaches and system vulnerabilities have sparked one crucial question, is our information really safe?

Now, the Ministry of Finance seems ready to answer that question, in quite an unexpected way. Minister Purbaya Yudhi Sadewa recently announced that his team is working with ethical hackers to help identify and fix security flaws in Coretax (DDTC News, 2025; Tempo, 2025).

Understanding the Ministry’s Decision to Work with Hackers

At first glance, the move sounds risky. The word hacker itself often triggers fear, associated with data theft, cybercrime, and system breaches. But this time, the hackers are on the government’s side.

These are ethical hackers, or white-hat hackers, which are cybersecurity experts who simulate real cyberattacks to uncover vulnerabilities before the criminals do. It’s a practice that has long been adopted by major tech companies and global institutions to strengthen their defense systems (Telkom University, 2025).

In simple terms, they’re the good guys, using hacking skills for protection instead of exploitation.

.

As Minister Purbaya put it, when his team realized how quickly these hackers could breach systems, he decided to bring them in rather than fight them. “If we can’t beat them, we embrace them,” said Purbaya. “They’re good, we give them space to help strengthen Coretax too.” (DDTC News, 2025)

Inside Coretax’s Cybersecurity Fix

Coretax, short for Core Tax Administration System, was launched in early 2025 to modernize Indonesia’s tax administration and integrate all taxpayer services under one digital roof

But shortly after its rollout, it faced technical issues and even reports of data leaks (IKPI, 2025).

To address this, the Ministry of Finance brought in local cybersecurity experts and top-ranked ethical hackers to stress-test and reinforce the system’s security architecture. The results were promising.

Purbaya claimed Coretax’s cybersecurity rating jumped from “30 out of 100” to an A+, thanks to these local experts and ethical hackers (IKPI, 2025).

“We hired local specialists, not just government technocrats but independent cybersecurity experts,” he said. “Now, Coretax’s security is almost perfect, from grade D to A+.”

This marks a big step forward not only for the system itself but also for Indonesia’s broader digital infrastructure. The project’s success could reshape how other ministries and agencies approach cybersecurity in the future (Tempo, 2025).

Fixing Coretax Still Needs More Time

Despite these improvements, Purbaya admitted that the work is far from over. According to Bloomberg Technoz (2025), his team has resolved issues in the upper and middle layers of the system, but challenges remain in the programming and operational layers.

One of the main obstacles is access to Coretax’s source code, which is still under contract with the original vendor, LG. Because of this, the ministry can’t yet fully control or optimize the system.

We still don’t have access to some parts under contract with LG,” said Purbaya. “Once we get that by December, we can move faster. Hopefully by February 2026, everything will be stable.” (DDTC News, 2025)

This dependency highlights a recurring problem in government IT projects (vendor lock-in) where ownership and control over the technology remain outside the government’s hands.

What This Means for Indonesia’s Cyber Future

Hiring hackers reflects a much-needed shift in mindset. In a country that has experienced multiple high-profile data breaches, the Ministry of Finance’s decision signals a growing issue.

Data security isn’t just about technology, it’s about public trust,” Purbaya emphasized (IKPI, 2025).

If this initiative succeeds, Purbaya plans to recommend similar collaborations to other ministries and even the banking sector, potentially setting a new precedent for how government institutions handle cybersecurity (Tempo, 2025).

For both public and private organizations, this marks a reminder that strong cybersecurity isn’t built after an incident, it’s built ahead of one. In today’s digital age, proactive defense is the only sustainable defense.

Working with ethical hackers, security analysts, and trusted cybersecurity partners to identify vulnerabilities before attackers do isn’t a weakness, it’s a sign of maturity.

Conclusion

This Coretax initiative is more than just a system fix, it’s a case study in evolving digital governance. As cyber threats become more complex, governments and businesses alike will need to rethink how they build resilience. Sometimes, that means redefining what a “hacker” really is, as an ally.

Cybersecurity doesn’t start with technology, it starts with awareness. If your organization wants to take a proactive step toward stronger data protection, our experts at Cisometric are here to help.

Book a free consultation with our experts today, click here.

For more updates on digital scams, cybersecurity insights, and expert tips, follow our social media:

LinkedIn: Cisometric

Instagram: @cisometric

Youtube: @Cisometric 




Reference: 

Purbaya Klaim Keamanan Coretax Kini “A+”: Hacker Lokal Ikut Uji Ketahanan Sistem Pajak

Purbaya Berencana Gandeng Hacker untuk Perbaiki Coretax

Purbaya Akan Minta Kementerian Pakai Hacker untuk Keamanan Data

Hacker Lokal Level Internasional Perbaiki Sistem Pajak Coretax

What is Ethical Hacking and How to Become an Ethical Hacker?     

You may like this...

Cybersecurity Insights
Comparing Indonesia’s PDP Law with GDPR and U.S. Privacy Rules

Comparing Indonesia’s PDP Law with GDPR and U.S. Privacy Rules

From health records to social media behavior, every digital breadcrumb we leave behind is collected, processed, and sometimes shared across borders. But what happens when that data leaves Indonesia?

Read More
Cybersecurity Insights
Understanding Ethical Hackers and How They Protect Businesses

Understanding Ethical Hackers and How They Protect Businesses

Many regulators, enterprises, and even government agencies now intentionally invite professionals to hack their systems first, so they can fix the weaknesses before real attackers find them. It’s a proactive model and it’s way cheaper than recovering from ransomware or data theft

Read More
Cybersecurity Insights
Understanding Digital Exhaust and Why It Matters

Understanding Digital Exhaust and Why It Matters

The information generated automatically as a byproduct of digital activity is known as digital exhaust. While largely invisible to users, this data accumulates continuously and, when aggregated, can reveal far more than most people expect.

Read More
Company Updates
Cisometric 2025 Recap: A Year of Learning, Collaboration, and Cyber Resilience

Cisometric 2025 Recap: A Year of Learning, Collaboration, and Cyber Resilience

At Cisometric, 2025 wasn’t just about responding to cyber incidents or tracking threats. It was about building understanding, strengthening capability, and growing together with the ecosystem, from business leaders and policymakers to the new generation of talents preparing to enter the cyber workforce.

Read More
Cybersecurity Insights
What Businesses Can Learn from Asahi’s Ransomware Shutdown

What Businesses Can Learn from Asahi’s Ransomware Shutdown

The ransomware incident, which hit on September 29, 2025, crippled Asahi’s ordering, shipping, and customer service systems, paralyzing operations across most of its 30 factories

Read More

Search Article by Category