InfoSecBulletin Cybersecurity for mankind
A recent dark web scan revealed that customer data from Dhaka Electric Supply Company Limited (DESCO) has been exposed. The breach affects 110,856 users and includes sensitive information like Customer Number, Name, Email, Address, and Mobile Number.
The exposure of this data on the dark web poses several risks like:
Qilin Ransomware topped April 2025 with 45+ data leak disclosures
SonicWall Patches 3 Flaws in SMA 100 Devices
Top Ransomware Actively Attacking Financial Sector: 406 Incidents Disclosed
Critical (CVSS 10) Flaw in Cisco IOS XE WLCs Allows RRA
CVE-2025-29824
Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day
Hacker exploited Samsung MagicINFO 9 Server RCE flaw
CISA adds Langflow flaw to its KEV catalog
Google Fixes Android Flaw (CVE-2025-27363) Exploited by Attackers
UAP hosted “UAP Cyber Siege 2025”, A national level cybersecurity competition
xAI Dev Leaks API Key for Private SpaceX, Tesla & Tweeter
Operational Disruption: Unauthorized access to internal systems may cause major problems, harming the city’s economy and public services.
Espionage and Surveillance: Electricity usage data can show habits of people or organizations, which could be used for spying or planning physical sabotage.
Targeted Disruptions: Attackers could interfere with billing or services, leading to outages in certain areas or disrupting power to essential facilities.
Identity Theft: Sensitive information could be stolen and used to harm customers financially and personally.
To enhance the security of Dhaka Electric Supply Company Limited’s (DESCO) IT systems, BCSI suggests a broader strategy than just standard vulnerability assessments that often use automated tools. Many VAPT companies rely heavily on automated scanners, which can overlook complex vulnerabilities and advanced threats. While these tools are helpful, they cannot substitute for the expertise of experienced cybersecurity professionals in identifying and addressing sophisticated attacks.
To protect, DESCO should take robust cybersecurity actions and to collaborate with cyber security experts who have practical experience in protecting critical infrastructures. By implementing a strong defense strategy that involves continuous network monitoring, incident response planning, threat intelligence sharing, and regular security audits, DESCO can significantly enhance their ability to withstand cyber threats.
Dhaka Electric Supply Company Limited (DESCO) plays a vital role in providing electricity to a large part of Dhaka, which is essential for the city’s economy and daily life. The customer data it holds, such as names, contact numbers, addresses, billing details, and electricity usage, is sensitive and important for managing services.
Prior to that, In june-2023 The official verified Facebook page of Dhaka Electric Supply Company Limited (DESCO) was hacked. At that time, while visiting the page it was seen that the hackers had written slogans of Bangabandhu’s age-old Dabaya, Parba Naa.
(to be continued)
