Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
Bangladesh Election Commission

Bangladesh Election Commission Vendor Cyber Rating & Cyber Score

ecs.gov.bd

The Bangladesh Election Commission (EC) is an independent constitutional body responsible for organizing and overseeing elections in Bangladesh. The Bangladesh Election Commission was founded in 1972, shortly after Bangladesh gained its independence from Pakistan. The Election Commission of Bangladesh was established as an independent constitutional body to oversee and administer elections in the newly formed nation. Its creation was a significant step in establishing the democratic framework of the country and ensuring that free and fair elections would be held in Bangladesh. Since its establishment, the Election Commission has played a crucial role in organizing and supervising elections at various levels of government in Bangladesh.


BEC A.I CyberSecurity Scoring

BEC
Company Information
Website:http://www.ecs.gov.bd/
Employees number:590
Number of followers:0
NAICS:92
Industry Type:Government Administration
Homepage:ecs.gov.bd
BEC Risk Score (AI oriented)
Between 750 and 799
logo
BECGovernment Administration
Updated:
04/04/2026
765/1000
Fair
Baa
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
BEC Global Score (TPRM)
xxxx
logo
BECGovernment Administration
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

BEC
BECFair
Current Score
765Baa (FAIR)
01000
3 incidents
-48 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
722Before Incident
JUNE 2026
768Before Incident
MAY 2026
767Before Incident
APRIL 2026
766Before Incident
MARCH 2026
764Before Incident
FEBRUARY 2026
800Before Incident
Breach
03 Feb 2026BEC
Bangladesh Election Commission: Bangladesh: Data breach a threat to journalist safety

Bangladesh Election Commission Data Breach Exposes Personal Data of 14,000 Journalists

763After Incident
CRITICAL-37
BAN1770200040
Bangladesh Election Commission Data Breach Exposes Personal Data of 14,000 Journalists A major security failure in Bangladesh’s Election Commission (EC) has exposed the personal data of at least 14,000 journalists, raising serious concerns over privacy and institutional accountability. The breach occurred in the EC’s newly launched online accreditation system, which was introduced to streamline journalist verification for election coverage. For several hours, sensitive information including photographs, signatures, national ID details, office identity cards, and media records was left publicly accessible due to basic security oversights. The incident, described as a "grave violation of privacy" by digital rights group ARTICLE 19, undermines protections guaranteed under national and international law. The exposure poses severe risks to journalists, particularly in an environment where press freedom is already under threat. Compromised data could enable harassment, surveillance, or physical harm, further endangering those covering elections. ARTICLE 19 criticized the EC for institutional negligence, citing a lack of adequate security testing and accountability in handling sensitive information. Beyond immediate safety concerns, the breach erodes public trust in digital governance and damages the credibility of institutions responsible for safeguarding democratic processes. ARTICLE 19 has called for an independent investigation into the incident, including whether the data was copied or misused, and demands accountability for responsible officials. The organization also stressed the need for stronger data protection measures such as encryption, access controls, and mandatory security audits before deploying any digital system. Without legal safeguards and independent oversight, both journalists and citizens remain vulnerable to future breaches. The incident underscores the urgent need for reforms to protect privacy and uphold press freedom in Bangladesh.
INCIDENT DETAILS -
TYPE
Data Breach
IMPACT
Data Compromised: Photographs, signatures, national ID details, office identity cards, media recordsSystems Affected: Online accreditation systemOperational Impact: Erosion of public trust in digital governanceBrand Reputation Impact: Damages credibility of institutions responsible for safeguarding democratic processesIdentity Theft Risk: High
DATA BREACH
PhotographsSignaturesNational ID detailsOffice identity cardsMedia recordsNumber Of Records Exposed: 14,000Sensitivity Of Data: HighData Encryption: NoPersonally Identifiable Information: Yes
JANUARY 2026
800Before Incident
DECEMBER 2025
799Before Incident
NOVEMBER 2025
799Before Incident
OCTOBER 2025
798Before Incident
SEPTEMBER 2025
797Before Incident
AUGUST 2025
796Before Incident
Ransomware
01 Aug 2025BEC
Shwapno: Retail chain Shwapno hit by customer data breach, hackers seek $1.5m

Shwapno Retail Chain Data Breach and Ransom Demand

737After Incident
CRITICAL-59
ACI1774708213
Shwapno Retail Chain Confirms 2023 Data Breach After Hackers Demand $1.5 Million Ransom Popular Bangladeshi retail chain Shwapno disclosed a 2023 data breach after hackers demanded $1.5 million to prevent the release of stolen customer information. The incident came to public attention in recent weeks when portions of the compromised data including names, phone numbers, and purchase histories appeared on social media. Shwapno’s Managing Director, Sabbir Hasan Nasir, confirmed that the company was first alerted to the breach in August 2023 via an email from the attackers. The hackers set a December deadline for payment, claiming it would ensure full access to the database was returned. However, Shwapno later verified that its system access remained intact, though the attackers may have exfiltrated a portion of the data. The retailer, a subsidiary of ACI Limited, operates 812 outlets across 63 districts and serves over 4 million registered customers. While the exact scale of the breach remains unconfirmed, leaked data reportedly includes customer identities and transaction details. Shwapno has since secured its database and is collaborating with local and international forensic experts, as well as Bangladesh’s Counter Terrorism and Transnational Crime (CTTC) unit, to investigate the incident. The company is also preparing to file a formal case in response to the attack. Nasir acknowledged a delay in public disclosure, stating that immediate security measures were taken after the August notification, though the company was unaware the hackers had retained and later leaked the data. The full extent of the compromise is still under review.
INCIDENT DETAILS -
TYPE
Data Breach, Ransomware
MOTIVATION
Financial gain
IMPACT
Data Compromised: Customer identities, transaction details, names, phone numbers, purchase historiesSystems Affected: Customer databaseIdentity Theft Risk: High
DATA BREACH
NamesPhone numbersPurchase historiesTransaction detailsSensitivity Of Data: Personally Identifiable Information (PII)Data Exfiltration: YesPersonally Identifiable Information: Yes
JULY 2025
837Before Incident
Breach
01 Jul 2025BEC
Bangladesh Election Commission: EC data breach exposes accountability crisis

Election Commission Data Breach Exposes Critical Gaps in Bangladesh’s Cybersecurity Framework

795After Incident
CRITICAL-42
BAN1770409055
Election Commission Data Breach Exposes Critical Gaps in Bangladesh’s Cybersecurity Framework A recent data breach at Bangladesh’s Election Commission has exposed the personal information of approximately 14,000 journalists, raising serious concerns about the country’s digital governance and cybersecurity preparedness. The incident, stemming from a preventable authorization flaw in a web application designed for election coverage accreditation, highlights systemic weaknesses in software development, institutional accountability, and crisis response. The vulnerability allowed unauthorized access to sensitive data including journalists’ addresses, identification details, and contact information through basic manipulation of web address paths. While it remains unclear whether the breach resulted from open exposure or privilege escalation within a logged-in system, the lack of immediate clarity underscores deeper issues: a culture that prioritizes rapid deployment over security, minimal adversarial testing, and bureaucratic indifference to cyber risks. Administrative response further compounded the problem. Officials reportedly delayed assessment for over 24 hours, treating the incident as a public relations issue rather than a national security threat. Such delays are particularly alarming given the high-risk nature of the compromised data journalists in Bangladesh face heightened vulnerabilities to surveillance and intimidation, making this breach not just a technical failure but a potential threat multiplier. The incident reflects broader structural flaws in Bangladesh’s digital transformation. Government software projects have long emphasized speed and visual polish over resilience, with security testing often treated as an afterthought. Quality assurance processes favor validation over rigorous, exploratory testing, leaving systems vulnerable to exploitation. Meanwhile, post-breach protocols such as forensic analysis and log preservation appear underdeveloped or nonexistent, hindering accurate damage assessment. At an institutional level, the breach reveals a disconnect between leadership and cybersecurity imperatives. Officials either underestimate digital risks, deprioritize their consequences, or operate within a system where accountability is diffuse. Without enforceable consequences for negligence, poor procurement, or inadequate oversight, such failures are likely to recur. The Election Commission breach serves as a cautionary example of how unchecked digital ambition can amplify institutional fragility. Without a shift toward adversarial testing, mandatory security reviews, and decisive incident response, Bangladesh’s technological progress risks reinforcing rather than resolving long-standing vulnerabilities.
INCIDENT DETAILS -
TYPE
Data Breach
IMPACT
Data Compromised: Personal information of journalists (addresses, identification details, contact information)Systems Affected: Web application for election coverage accreditationOperational Impact: Delayed assessment and response, potential threat to journalists' safetyBrand Reputation Impact: Serious concerns about digital governance and cybersecurity preparednessIdentity Theft Risk: High (journalists' personal information exposed)
DATA BREACH
Type Of Data Compromised: Personal information (addresses, identification details, contact information)Number Of Records Exposed: 14,000Sensitivity Of Data: High (journalists' personal data, risk of surveillance and intimidation)Personally Identifiable Information: Yes

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for BEC ?
?
What was BEC's A.I Rankiteo Cyber Score in June 2026 ?
?
What was BEC's A.I Rankiteo Cyber Score in May 2026 ?
?
What was BEC's A.I Rankiteo Cyber Score in April 2026 ?
?
What was BEC's A.I Rankiteo Cyber Score in March 2026 ?
?
What was BEC's A.I Rankiteo Cyber Score in February 2026 ?
?
What was BEC's A.I Rankiteo Cyber Score in January 2026 ?
?
What was BEC's A.I Rankiteo Cyber Score in December 2025 ?
?
What was BEC's A.I Rankiteo Cyber Score in November 2025 ?
?
What was BEC's A.I Rankiteo Cyber Score in October 2025 ?
?
What was BEC's A.I Rankiteo Cyber Score in September 2025 ?
?
What was BEC's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on BEC's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with BEC ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view BEC's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?