Bangladesh’s digital infrastructure has been rocked after more than 1,000 pieces of sensitive data linked to state-owned mobile operator Teletalk surfaced across dark web platforms, exposing what experts describe as a dangerous vulnerability in the country’s telecommunications backbone.
Yet amid mounting fears, authorities have responded with silence.
Minister for Posts, Telecommunications and Information Technology Fakir Mahbub Anam told TIMES of Bangladesh he knows “nothing of the matter.”
Meanwhile, the Bangladesh Telecommunication Regulatory Commission (BTRC) and Teletalk’s own managing director have remained conspicuously silent, raising fresh questions over accountability and preparedness.
Screenshots obtained exclusively reveal 1,195 “open” breaches and 1,199 domain-based leaks tied to teletalk.com.bd.
Investigators also uncovered 19 separate cases involving criminals impersonating Teletalk. The latest malicious activity was detected as recently as April.
Threat intelligence platforms monitoring dark web marketplaces, hacker forums and encrypted Telegram channels have already sounded the alarm.
Cybersecurity experts warn, however, that the exposure does not necessarily indicate a direct breach of Teletalk’s servers.
Stolen credentials may also have been harvested through infostealer malware, phishing campaigns or compromised third-party services.
But regardless of the source, experts say the scale of the exposure signals a potentially catastrophic threat to Bangladesh’s state telecom infrastructure.
When contacted, the BTRC claimed it had “no information” regarding the leak.
One senior official of the regulator, speaking anonymously, admitted: “As a regulator, we cannot take any action unless operators inform us.”
The incident has also exposed what critics call a dangerous legal blind spot.
Bangladesh’s Telecommunications Act of 2001 never made cyber audits mandatory. Although the new law introduces such provisions, concerns are growing over whether the reforms have come far too late.
Private telecom operators such as Grameenphone and Robi voluntarily conduct internal security audits, but it remains unclear whether Teletalk follows similar practices.
Attempts to obtain a response from Teletalk Managing Director Nurul Mabud Chowdhury painted an equally troubling picture.
After two unanswered calls in the afternoon and evening, he finally answered at 8:15pm.
His response: “Should we be on duty round the clock? Can we respond if you call whenever you like?… If you send your question in writing, then, I think, we’ll able to answer.”
The Teletalk exposure is only the latest in a string of alarming incidents involving critical state systems.
Recent months have seen alleged cyberattacks targeting the Bangladesh Water Development Board’s Hydrological Information Management System.
Reports have also repeatedly surfaced of National ID data, birth registration records and even police officers’ information appearing on dark web platforms.
Cybersecurity expert Mostafizur Rahaman Sohel, former senior vice president of the Bangladesh Association of Software and Information Services, issued a stark warning to TIMES. “There is no room for ignoring this level of threat to the state telecom infrastructure,” he said.
He noted that government services, university admissions, banking transactions and critical state communications all depend on Teletalk’s network.
“Once employee credentials fall into the wrong hands,” he warned, “it could pave the way for deeper, more devastating infiltration.”
His final assessment was even more alarming: “Virtually no work is being done in the country on cybersecurity.”







