Multiple Bangladesh's government systems breached, exposing sensitive information

A data breach has compromised Bangladesh's government systems, exposing sensitive information across multiple agencies. The breach has affected over 100,000 police officers and numerous government institutions, marking one of the most severe cybersecurity incidents in the country's history.

The scope of the breach extends to:

• government service agencies,
• banks, financial institutions,
• transportation-related government bodies,
• regulatory agencies,
• educational institutions.

According to cybersecurity volunteer groups, the past year has seen 4,717 sets of administrative credentials leaked, potentially allowing unauthorized access to various government websites and databases. The breach has exposed approximately 700,000 pieces of login data, including URLs, IDs, and passwords. This sensitive information is currently being advertised for sale on criminal platforms, including the Dark Web and Telegram channels, though some organizations have managed to block the compromised credentials.

The police force has been particularly impacted, with the Crime Data Management System (CDMS) suffering a significant breach. The system, which contains at least 50 different types of case-related information, has had over 2,000 login credentials exposed in the past six to eight months. Additionally, the Personal Information Management System (PIMS) breach exposed detailed personal information of 108,416 police officers, including their identification numbers, ranks, work locations, contact information, and even physical characteristics.

The education sector has also been severely affected, with more than 200,000 pieces of information from various educational institutions leaked in the past six months. The breach includes 2,268 admin panel login credentials, potentially compromising several education board databases. Furthermore, a mobile phone operator's customer location database has been compromised, with criminals offering location information through automated Telegram bots.

The root cause of these breaches has been attributed to several factors, including Russian-made malware that spreads through email attachments and pirated software.

The situation is exacerbated by systemic issues within Bangladesh's cybersecurity infrastructure. Many institutions lack trained cybersecurity personnel, and there is an absence of effective laws and penalties for protecting and disclosing information. Abu Sayed Md. Kamruzzaman, Director General of the National Cyber Security Agency, has expressed concern about the general indifference toward cybersecurity measures, emphasizing the need for both institutions and individuals to prioritize cybersecurity policies and their enforcement.