A threat actor has allegedly put the sensitive personal information of 4.1 million Bangladeshi citizens up for sale on a dark web forum. The data was reportedly exfiltrated from the Office of the Registrar General, Birth & Death Registration portal (orgbdr.portal.gov.bd), a critical government body responsible for maintaining the vital records of the country’s population. This entity plays a fundamental role in the civil registration system of Bangladesh, making the breach a significant concern for national security and citizen privacy.
The threat actor claims the breach occurred in July 2025 and is offering a massive database containing 4.1 million records to the highest bidder. The compromised data allegedly includes a wide range of highly sensitive Personally Identifiable Information (PII). A sample provided by the seller indicates that the leaked records contain detailed information on citizens, posing a severe risk of identity theft, financial fraud, and targeted phishing campaigns against the affected individuals.
The leaked data allegedly includes the following details:
- Full Name
- National ID (NID)
- Date of Birth (DOB)
- Full Address
- Father’s Name
- Phone Number
- Life Status (Alive/Deceased)
- Registration ID
- Registration Date
