Cyber Incident Victim: Bangladesh Export Import Company Limited

In December 2020, the ALTDOS hacking group claimed responsibility for a cyberattack targeting BEXIMCO, a major Bangladeshi multinational conglomerate with operations spanning textiles, pharmaceuticals, real estate, telecommunications, and other sectors. The attackers asserted they had exfiltrated hundreds of gigabytes of data from 34 websites associated with BEXIMCO and its subsidiaries, including telecom provider BOL-ONLINE.COM. Compromised materials reportedly included source code, databases, and internal files. As proof, ALTDOS shared samples such as an employee attendance file containing 56,088 entries with personal details and thousands of email addresses from BEXIMCO-affiliated domains. The group indicated they were still reviewing SQL databases for additional information but had not disclosed further evidence by the time of reporting in January 2021. BEXIMCO did not publicly acknowledge the breach or respond to ALTDOS’s demands or external inquiries regarding the incident.

The breach exposed significant volumes of employee personal information and organizational email addresses, though no trade secrets or intellectual property were identified in the leaked samples. With annual revenues exceeding $1 billion and operations across 21 public and private companies, the incident highlighted BEXIMCO’s susceptibility to cyber threats despite its market prominence. The attackers specifically cited the conglomerate’s scale as motivation for targeting it. Bangladesh’s legal framework at the time lacked mandatory personal data breach notification requirements, though general security obligations for corporations existed. The lack of confirmed containment measures or remediation actions by BEXIMCO left the full scope of operational disruptions, if any, unclear. ALTDOS’s claims remained unverified beyond their initial data samples, with no subsequent disclosures or third-party corroboration reported.