Hackers exploited vulnerabilities in City Bank's security systems to access and sell client financial statements on the dark web. BCSI investigation reveals critical security flaws.
 |
| BCSI investigation of City Bank data breach highlights the importance of strong cybersecurity measures in the financial sector. Image: City Bank |
Dhaka, Bangladesh --- January 7, 2025:
City Bank, a leading financial service in Bangladesh, recently experienced a data breach where sensitive client financial statements were exposed and subsequently sold on underground hacking forums. This incident, confirmed by the Bangladesh Cyber Security Intelligence (BCSI), raises serious concerns about the cybersecurity posture of the nation's financial sector.
The breach, discovered in early 2025, involved a vulnerability that allowed unauthorized access to client statements. This exploit leveraged flaws in session management, enabling attackers to bypass weak multi-factor authentication (MFA) and reuse previously authenticated sessions.
BCSI had previously warned City Bank about potential security vulnerabilities in mid-2024, highlighting the risk of unauthorized access to client funds and sensitive information. While the bank reportedly addressed these initial concerns, the recent breach suggests that these measures were insufficient.
Following the discovery of the breach, City Bank acknowledged the incident and stated that a "system glitch" on January 2, 2025, allowed a hacker to bypass 2FA and gain access to account statements. The bank emphasized that the breach was limited to viewing statements and no financial transactions were compromised.
In response, City Bank has taken several steps to address the issue, including reviewing and enhancing its security protocols, revoking all compromised sessions, deploying a dedicated real-time monitoring team, and implementing measures to prevent similar vulnerabilities in the future.
This incident shows the critical importance of robust cybersecurity measures within the financial sector. As digital threats evolve, financial institutions must continually assess and strengthen their defenses to protect sensitive client information and maintain public trust.