CloudDefense.AI Discovers Major Data Breach: NTMC Database Exposes Bangladeshi Citizens’ Sensitive Information

CloudDefense.AI Discovers Major Data Breach: NTMC Database Exposes Bangladeshi Citizens' Sensitive Information
CloudDefense.AI Discovers Major Data Breach: NTMC Database Exposes Bangladeshi Citizens' Sensitive Information

CloudDefense.AI’s cybersecurity researcher, Viktor Markopoulos, has uncovered a data breach at Bangladesh’s National Telecommunications Monitoring Center (NTMC).

PALO ALTO, CALIFORNIA, UNITED STATES, November 17, 2023 / The research by Viktor uncovered an exposed database lying on the internet, which then went on to be hijacked by hackers due to a delay in action from the victim organization’s side.

The compromised NTMC database contained 120 indexes with various logs, exposing citizens’ calls and internet activities. Real citizen information, including call metadata, was compromised. Viktor reported the breach on November 8, but before the NTMC could secure the database, it was accessed by hackers who wiped the data and demanded a ransom payment of 0.01 bitcoins (approximately $360).

The exposed database contained information about Bangladeshi citizens, including names, professions, parents’ names, and more sensitive information such as their phone numbers, exam details, vehicle registration numbers, phone IMEI numbers, passport details, and biometric data, including fingerprints.

Although most of the data were identified as test entries, it still helps to predict the structure of the data the agency collects and the motive behind it. In between, there was data on real individuals, which was confirmed by contacting the victims. Jeremiah Fowler, co-founder of Security Discovery, expressed his concerns over the various IMEI numbers available on the database. These numbers could easily be used to clone or track existing devices.

Investigation revealed the breach was caused by a myriad of flaws, including misconfiguration in NTMC’s system, a lack of access controls, and strong encryption methods. Viktor expressed concern over the intelligence agency’s carelessness about the sensitive information of their country’s citizens. He noted that they continued to use the database even after it was reported to them that it had been exposed.

Countries like Bangladesh do not follow strict data protection regulations like those available in the EU or US. This incident highlights the need for organizations to implement robust cybersecurity measures and strict adherence to industry security standards. CloudDefense.AI emphasizes the importance of fine-grained access controls and offers advanced security solutions. Read our blog to learn more about this incident.

CloudDefense.AI offers an all-in-one suite of security solutions to prevent and detect data breaches. These solutions include Hacker’s VIew™ for vulnerability detection and Cloud Security Posture Management (CSPM) to take care of misconfigurations. CloudDefense.AI urges all organizations to implement strong access controls, use data encryption, and regularly scan for misconfigurations. The company also recommends that organizations educate their employees about cybersecurity risks and best practices.

Also readBorn-in-the-cloud companies are now the frontrunners of the tech industry, says Prince Joseph, Group CIO at SFO Technologies

Do FollowCIO News LinkedIn Account | CIO News Facebook | CIO News Youtube | CIO News Twitter 

About us:

CIO News, a proprietary of Mercadeo, produces award-winning content and resources for IT leaders across any industry through print articles and recorded video interviews on topics in the technology sector such as Digital Transformation, Artificial Intelligence (AI), Machine Learning (ML), Cloud, Robotics, Cyber-security, Data, Analytics, SOC, SASE, among other technology topics.