A hacker group breached the email server of the state-owned Agrani Bank Limited and stole data of its 12,000 clients.
The group ‘KillSec’ then demanded a ransom of ERU 5,000 or approximately 628,000 taka via messaging platform ‘Messenger’ on 17 May to wipe out the data. Having failed to get any ransom, they released the client’s data on dark web on 6 June.
The data breach was first reported by Daily Dark Web (dailydarkweb.net) on 17 May.
A review of the data available on dark web show the leaked data contained various information including copies of various office orders, details on provident funds of the bank staff, details on loans of accountant holders and orders on quick disbursement of funds.
Authorities at the Agrani Bank, which is declared a critical information infrastructure (cii) by the government, however, said no hacking took place at the bank but emails of several staff were compromised.
The Bangladesh Government's e-Government Computer Incident Response Team (BGD e-GOV CIRT) project under the Information and Communication Technology (ICT) Division works to ensure cyber security at the government infrastructures.
BGD e-GOV CIRT director Mohamamd Saiful Amin Khana told Prothom Alo they noticed the issues at Agrani Bank and their team visited the bank. The matter has been solved, he added.
The Agrani Bank said various government agencies checked their security system and found no flaws. Agrani Bank managing director Md Murshedul Kabir told Prothom Alo no hacking happened at their bank.
Bangladesh has experienced data breach on various occasions. Earlier, troves of information on the personal details of Bangladeshi citizens were stolen from the Office of the Registrar General, Birth & Death Registration in July 2023 and again from the National Telecommunication Monitoring Center (NTMC) in October of that year.
Cyber security expert Touhid Bhuiyan told Prothom Alo a national cyber security framework is must to ensure cyber security, but nothing such has been approved in Bangladesh yet.
He said the banks and financial institutions take Payment Card Industry Data Security Standard (PCI DSS) certification to store sensitive data on people, as well as their own security, but many in Bangladesh do not take the issue seriously
This report appeared in the online edition of Prothom Alo and has been rewritten in English by Hasanul Banna