InfoSecBulletin Cybersecurity for mankind
A recent dark web scan revealed that customer data from Dhaka Electric Supply Company Limited (DESCO) has been exposed. The breach affects 110,856 users and includes sensitive information like Customer Number, Name, Email, Address, and Mobile Number.
The exposure of this data on the dark web poses several risks like:
CVE-2025-1268
Patch urgently! Canon Fixes Critical Printer Driver Flaw
Within Minute, RamiGPT To Escalate Privilege Gaining Root Access
Australian fintech database exposed in 27000 records
Over 200 Million Info Leaked Online Allegedly Belonging to X
FBI investigating cyberattack at Oracle, Bloomberg News reports
OpenAI Offering $100K Bounties for Critical Vulns
Splunk Alert User RCE and Data Leak Vulns
CIRT alert Situational Awareness for Eid Holidays
Cyberattack on Malaysian airports: PM rejected $10 million ransom
Micropatches released for Windows zero-day leaking NTLM hashes
Operational Disruption: Unauthorized access to internal systems may cause major problems, harming the city’s economy and public services.
Espionage and Surveillance: Electricity usage data can show habits of people or organizations, which could be used for spying or planning physical sabotage.
Targeted Disruptions: Attackers could interfere with billing or services, leading to outages in certain areas or disrupting power to essential facilities.
Identity Theft: Sensitive information could be stolen and used to harm customers financially and personally.
To enhance the security of Dhaka Electric Supply Company Limited’s (DESCO) IT systems, BCSI suggests a broader strategy than just standard vulnerability assessments that often use automated tools. Many VAPT companies rely heavily on automated scanners, which can overlook complex vulnerabilities and advanced threats. While these tools are helpful, they cannot substitute for the expertise of experienced cybersecurity professionals in identifying and addressing sophisticated attacks.
To protect, DESCO should take robust cybersecurity actions and to collaborate with cyber security experts who have practical experience in protecting critical infrastructures. By implementing a strong defense strategy that involves continuous network monitoring, incident response planning, threat intelligence sharing, and regular security audits, DESCO can significantly enhance their ability to withstand cyber threats.
Dhaka Electric Supply Company Limited (DESCO) plays a vital role in providing electricity to a large part of Dhaka, which is essential for the city’s economy and daily life. The customer data it holds, such as names, contact numbers, addresses, billing details, and electricity usage, is sensitive and important for managing services.
Prior to that, In june-2023 The official verified Facebook page of Dhaka Electric Supply Company Limited (DESCO) was hacked. At that time, while visiting the page it was seen that the hackers had written slogans of Bangabandhu’s age-old Dabaya, Parba Naa.
(to be continued)
