A hacker group known as KillSec breached the email server of Bangladesh’s state-owned Agrani Bank Limited, compromising the data of 12,000 clients. On May 17, 2024, the group demanded a ransom of €5,000 (approximately 628,000 taka) via Messenger to prevent data deletion. When the ransom was not paid, KillSec released the stolen data on the dark web on June 6, 2024.
The leaked data included various sensitive documents, such as office orders, details on bank staff provident funds, loan information, and directives for quick fund disbursements. Despite the breach, Agrani Bank's authorities, who consider the bank critical infrastructure, claimed that no actual hacking occurred at the bank itself but that several staff emails were compromised.
The Bangladesh Government’s e-Government Computer Incident Response Team (BGD e-GOV CIRT) investigated the breach and found that the bank’s security system had no significant flaws. BGD e-GOV CIRT director Mohammad Saiful Amin Khan confirmed that the issue was addressed and resolved, and various government agencies reviewed the bank’s security measures.
Cybersecurity experts have highlighted the need for a national cybersecurity framework in Bangladesh, as previous data breaches at other government agencies indicate systemic issues. Experts recommend that banks and financial institutions in Bangladesh adopt and adhere to Payment Card Industry Data Security Standard (PCI DSS) certifications to improve data security and prevent future breaches.