Dhaka Electric Supply Company Limited (DESCO) is crucial for supplying electricity to a significant portion of Dhaka, supporting the city’s economy and everyday activities. The customer data DESCO holds, including personal details like names, contact number, addresses, billing information, and electricity usage patterns, is sensitive and critical for service management.
In a recent dark web monitoring of Bangladeshi critical infrastructure, it was discovered that Dhaka Electric Supply Company Limited (DESCO) customer data had been exposed. Upon thorough analysis, the breached dataset was found to contain sensitive information of 110,856 users. The compromised data includes critical details such as Customer No., Customer Name, Identifier, Email, Address, and Mobile Number.
The exposure of this data on the dark web presents multiple risks:
- Targeted Disruptions: Attackers could manipulate billing or service delivery, causing blackouts in specific areas or disrupting power to critical infrastructures.
- Identity Theft: Sensitive information could be used for fraud, leading to financial and personal damages for customers.
- Operational Disruption: Unauthorized access to internal systems could lead to widespread outages, damaging the city’s economy and public services.
- Espionage and Surveillance: Detailed electricity usage data can reveal patterns about individuals or organizations, which could be exploited for spying or planning physical sabotage.
To secure Dhaka Electric Supply Company Limited’s (DESCO) IT systems, a more comprehensive approach is needed beyond traditional vulnerability assessments often reliant on automated tools. Many corporate VAPT (Vulnerability Assessment and Penetration Testing) companies depend heavily on automated scanning software, which may miss complex vulnerabilities or advanced persistent threats. These tools, while useful, cannot fully replace the expertise of skilled cybersecurity professionals with real-world experience in detecting and mitigating sophisticated attacks.
DESCO should prioritize hiring or collaborating with cybersecurity experts who possess hands-on experience in defending critical infrastructures. Implementing a robust, layered defense strategy that includes continuous network monitoring, incident response planning, threat intelligence sharing, and regular security audits would greatly improve their resilience against cyber threats.
