BEC A.I CyberSecurity Scoring
BEC
Company Information
Website:http://www.ecs.gov.bd/
Employees number:590
Number of followers:0
NAICS:92
Industry Type:Government Administration
Homepage:ecs.gov.bd
BEC Risk Score (AI oriented)
Between 750 and 799
BECGovernment Administration
Updated:
04/04/2026
04/04/2026
765/1000
Fair
Baa
BEC Global Score (TPRM)
xxxx
BECGovernment Administration
Score locked

BECFair
Current Score
765Baa (FAIR)
01000
3 incidents
-48 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
722
JUNE 2026
768
MAY 2026
767
APRIL 2026
766
MARCH 2026
764
FEBRUARY 2026
800
Breach
03 Feb 2026 • BEC
Bangladesh Election Commission: Bangladesh: Data breach a threat to journalist safety
Bangladesh Election Commission Data Breach Exposes Personal Data of 14,000 Journalists
763
CRITICAL-37
BAN1770200040
Bangladesh Election Commission Data Breach Exposes Personal Data of 14,000 Journalists
A major security failure in Bangladesh’s Election Commission (EC) has exposed the personal data of at least 14,000 journalists, raising serious concerns over privacy and institutional accountability. The breach occurred in the EC’s newly launched online accreditation system, which was introduced to streamline journalist verification for election coverage.
For several hours, sensitive information including photographs, signatures, national ID details, office identity cards, and media records was left publicly accessible due to basic security oversights. The incident, described as a "grave violation of privacy" by digital rights group ARTICLE 19, undermines protections guaranteed under national and international law.
The exposure poses severe risks to journalists, particularly in an environment where press freedom is already under threat. Compromised data could enable harassment, surveillance, or physical harm, further endangering those covering elections. ARTICLE 19 criticized the EC for institutional negligence, citing a lack of adequate security testing and accountability in handling sensitive information.
Beyond immediate safety concerns, the breach erodes public trust in digital governance and damages the credibility of institutions responsible for safeguarding democratic processes. ARTICLE 19 has called for an independent investigation into the incident, including whether the data was copied or misused, and demands accountability for responsible officials.
The organization also stressed the need for stronger data protection measures such as encryption, access controls, and mandatory security audits before deploying any digital system. Without legal safeguards and independent oversight, both journalists and citizens remain vulnerable to future breaches. The incident underscores the urgent need for reforms to protect privacy and uphold press freedom in Bangladesh.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
JANUARY 2026
800
DECEMBER 2025
799
NOVEMBER 2025
799
OCTOBER 2025
798
SEPTEMBER 2025
797
AUGUST 2025
796
Ransomware
01 Aug 2025 • BEC
Shwapno: Retail chain Shwapno hit by customer data breach, hackers seek $1.5m
Shwapno Retail Chain Data Breach and Ransom Demand
737
CRITICAL-59
ACI1774708213
Shwapno Retail Chain Confirms 2023 Data Breach After Hackers Demand $1.5 Million Ransom
Popular Bangladeshi retail chain Shwapno disclosed a 2023 data breach after hackers demanded $1.5 million to prevent the release of stolen customer information. The incident came to public attention in recent weeks when portions of the compromised data including names, phone numbers, and purchase histories appeared on social media.
Shwapno’s Managing Director, Sabbir Hasan Nasir, confirmed that the company was first alerted to the breach in August 2023 via an email from the attackers. The hackers set a December deadline for payment, claiming it would ensure full access to the database was returned. However, Shwapno later verified that its system access remained intact, though the attackers may have exfiltrated a portion of the data.
The retailer, a subsidiary of ACI Limited, operates 812 outlets across 63 districts and serves over 4 million registered customers. While the exact scale of the breach remains unconfirmed, leaked data reportedly includes customer identities and transaction details.
Shwapno has since secured its database and is collaborating with local and international forensic experts, as well as Bangladesh’s Counter Terrorism and Transnational Crime (CTTC) unit, to investigate the incident. The company is also preparing to file a formal case in response to the attack.
Nasir acknowledged a delay in public disclosure, stating that immediate security measures were taken after the August notification, though the company was unaware the hackers had retained and later leaked the data. The full extent of the compromise is still under review.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
JULY 2025
837
Breach
01 Jul 2025 • BEC
Bangladesh Election Commission: EC data breach exposes accountability crisis
Election Commission Data Breach Exposes Critical Gaps in Bangladesh’s Cybersecurity Framework
795
CRITICAL-42
BAN1770409055
Election Commission Data Breach Exposes Critical Gaps in Bangladesh’s Cybersecurity Framework
A recent data breach at Bangladesh’s Election Commission has exposed the personal information of approximately 14,000 journalists, raising serious concerns about the country’s digital governance and cybersecurity preparedness. The incident, stemming from a preventable authorization flaw in a web application designed for election coverage accreditation, highlights systemic weaknesses in software development, institutional accountability, and crisis response.
The vulnerability allowed unauthorized access to sensitive data including journalists’ addresses, identification details, and contact information through basic manipulation of web address paths. While it remains unclear whether the breach resulted from open exposure or privilege escalation within a logged-in system, the lack of immediate clarity underscores deeper issues: a culture that prioritizes rapid deployment over security, minimal adversarial testing, and bureaucratic indifference to cyber risks.
Administrative response further compounded the problem. Officials reportedly delayed assessment for over 24 hours, treating the incident as a public relations issue rather than a national security threat. Such delays are particularly alarming given the high-risk nature of the compromised data journalists in Bangladesh face heightened vulnerabilities to surveillance and intimidation, making this breach not just a technical failure but a potential threat multiplier.
The incident reflects broader structural flaws in Bangladesh’s digital transformation. Government software projects have long emphasized speed and visual polish over resilience, with security testing often treated as an afterthought. Quality assurance processes favor validation over rigorous, exploratory testing, leaving systems vulnerable to exploitation. Meanwhile, post-breach protocols such as forensic analysis and log preservation appear underdeveloped or nonexistent, hindering accurate damage assessment.
At an institutional level, the breach reveals a disconnect between leadership and cybersecurity imperatives. Officials either underestimate digital risks, deprioritize their consequences, or operate within a system where accountability is diffuse. Without enforceable consequences for negligence, poor procurement, or inadequate oversight, such failures are likely to recur.
The Election Commission breach serves as a cautionary example of how unchecked digital ambition can amplify institutional fragility. Without a shift toward adversarial testing, mandatory security reviews, and decisive incident response, Bangladesh’s technological progress risks reinforcing rather than resolving long-standing vulnerabilities.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for BEC ??
What was BEC's A.I Rankiteo Cyber Score in June 2026 ??
What was BEC's A.I Rankiteo Cyber Score in May 2026 ??
What was BEC's A.I Rankiteo Cyber Score in April 2026 ??
What was BEC's A.I Rankiteo Cyber Score in March 2026 ??
What was BEC's A.I Rankiteo Cyber Score in February 2026 ??
What was BEC's A.I Rankiteo Cyber Score in January 2026 ??
What was BEC's A.I Rankiteo Cyber Score in December 2025 ??
What was BEC's A.I Rankiteo Cyber Score in November 2025 ??
What was BEC's A.I Rankiteo Cyber Score in October 2025 ??
What was BEC's A.I Rankiteo Cyber Score in September 2025 ??
What was BEC's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on BEC's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with BEC ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view BEC's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?