Bangladesh Cyber Security Intelligence (BCSI) Threat Intelligence team has uncovered claims made by a threat actor on the Dark Web regarding an alleged breach of a “Dhaka (Bangladesh) Army Cantonment Database.” The threat actor claimed to possess sensitive information, including:
- Full details of 23,000 individuals
- 15,000 ID card photos (front and back)
- 9,000 passport copies (front and back)
- Signatures, addresses, and photographs
- Site administrator panel access
- Dhaka Army Military ID cards
These alarming claims prompted the BCSI Threat Intelligence team to immediately investigate to assess the credibility and impact of the breach.
Investigation Findings
Upon analysis of the collected data, it was determined that the leaked information does not pertain to any Bangladesh Army database. Instead, the data is related to “Residential and Temporary Passes” issued for the Cantonment area, managed by the Residential and Temporary Pass Management System of the Cantonment Board, Dhaka.
Key Findings:
- Data Scope: The breach includes personal details of individuals who applied for residential or temporary passes. These applications contain sensitive personal information, such as ID card copies, passport details, signatures, and addresses.
- Administrator Panel Access: The threat actor claims to have access to the administrative panel of the pass management system, allowing the potential approval of fake applications. This poses significant security concerns as unauthorized individuals could access highly sensitive military zones.
- Threat to Public Safety: Although the leaked data is not directly linked to the Bangladesh Army, the breach poses a substantial risk to applicants whose information was compromised. Furthermore, the ability to forge access passes could endanger the security of military families residing in the cantonment area.
Security Implications
This breach underscores the critical need for robust cybersecurity measures in systems managing sensitive information, especially those linked to high-security zones like cantonments. As the country faces internal political challenges and external threats, such vulnerabilities can have far-reaching consequences for national security.
Recommendations for Public Awareness
To safeguard personal information, citizens are advised to:
- Regularly monitor any platforms where personal data is stored or submitted.
- Report suspicious activities or unauthorized access attempts immediately.
- Avoid sharing sensitive information on unsecured or unfamiliar platforms.
BCSI is dedicated to safeguarding the personal information of Bangladeshi citizens and ensuring national security. This incident highlights the critical importance of cybersecurity vigilance across all sectors.
