Cyber Incident Victim: Vianet

On April 8, 2020, hackers breached the database of Vianet, a top-three internet service provider in Nepal, compromising the personal information of over 160,000 current and former subscribers. The stolen data included user names, physical addresses, phone numbers, and email addresses. Binay Bohra, Vianet’s managing director, publicly confirmed the incident and stated the company had notified Nepal’s Central Investigation Bureau (CIB) to initiate a criminal investigation. At the time of the attack, Vianet had 92,494 active subscribers according to Nepal Telecommunications Authority records from mid-December 2019. The company emphasized that internet services would remain uninterrupted despite the breach and began notifying affected customers whose personal details were exposed. Bohra disclosed that Vianet was attempting to recover the stolen data but did not specify technical methods or success likelihood.

This marked Nepal’s second major cybersecurity incident within a month, following a March 7, 2020 attack on Foodmandu, an online food delivery platform that compromised 50,000 user records. Nepal Police confirmed they were investigating both breaches concurrently, though no explicit connection between the two incidents was established. Vianet’s breach notably impacted a larger volume of records than the Foodmandu incident, affecting approximately 70,000 more individuals. The company, known for competitively priced internet packages, faced reputational risks but maintained operational continuity. No ransomware demands, data misuse evidence, or attacker identities were disclosed in initial reports. Investigations remained ongoing with no public resolution timeline.