IDC Games, Bangladesh Bank and others fall victim to data leaks.

03 October 2021
BREACHAWARE HQ
Bank

A total of 5 breach events were found and analysed, resulting in 388,266 exposed accounts containing a total of 8 different data types of personal data. The breaches found publicly and freely available included IDC Games, Bangladesh Bank, Jobs and App BB, MRCVSonline, Ashwood Vet and BGR India.

Categories of Personal Data Discovered

Contact Data, Technical Data, Socio-Demographic Data, Social Relationships Data, Locational Data.

Data Breach Analysis

While smaller in numerical scope compared to other batches, this group of incidents illustrates how data breaches continue to occur across a wide array of industries, including sectors not traditionally seen as high-risk, such as veterinary practices and niche employment apps. The industries represented here include online gaming, central banking, job platforms, veterinary medicine, and media publishing, offering a clear window into the unpredictable and wide-ranging nature of modern digital exposure.

Banking and Institutional Exposure: Bangladesh Bank

Perhaps the most structurally significant incident in this batch involves Bangladesh Bank, the central banking authority of Bangladesh. While this breach appears to relate to publicly available or leaked datasets, it still raises immediate concerns due to the nature of the institution. As a central bank, Bangladesh Bank is not just a custodian of public funds but a steward of monetary policy, financial regulation, and national economic infrastructure.

Breaches involving financial institutions, even if limited to metadata, employee directories, or internal credentials, can carry outsized geopolitical and economic implications. In this context, the affected users may include bank employees, system administrators, or external vendors linked to the bank’s broader digital infrastructure. The exposure could also carry reputational risk, particularly in light of Bangladesh Bank’s earlier encounter with high-profile cyberattacks, such as the 2016 SWIFT-related heist. While the nature of the exposed data is not deeply detailed here, even low-level access points in such an environment are potential stepping stones for more complex cyber intrusion campaigns.

Gaming and Platform-Based Communities: IDC Games

Another entry in this batch, IDC Games, reflects the continued targeting of online gaming ecosystems. IDC Games is a multi-language gaming portal that hosts a variety of multiplayer games and supports in-game monetisation, player accounts, and user forums. Breaches of this nature often expose user credentials, email addresses, and associated digital purchases or in-game histories.

Given that gaming platforms frequently house overlapping user communities, many of whom recycle usernames or passwords across services, compromised credentials from IDC Games could become valuable in credential-stuffing attacks on platforms like Steam, Epic Games, or Discord. This breach could affect a global and relatively young user base, many of whom participate in competitive gaming environments and may not be practicing strong digital hygiene.

Employment and Professional Communities: Jobs and App BB

Also present in this batch is Jobs and App BB, a job-matching or career-related platform likely focused on the Bangladesh region. Platforms of this kind collect a blend of personally identifiable information (PII) and professional history: CVs, email addresses, location data, and often work or education backgrounds. Even if not financial in nature, this data can be deeply personal and revealing. The risk with employment data is twofold: it provides a roadmap to someone’s professional identity, and it can be used to tailor phishing or social engineering attacks. In many cases, employment platforms have limited cybersecurity controls relative to more mature enterprise systems, making them a vulnerable entry point for attackers.

Breach exposure in this context likely impacts job seekers, human resources professionals, and recruiters. It may also have implications for employers whose job postings or company details were scraped as part of the breach.

Veterinary and Healthcare Services: MRCVSonline and Ashwood Vet

A more unexpected inclusion is MRCVSonline and Ashwood Vet, both linked to veterinary medicine and services. MRCVSonline appears to function as a veterinary news, regulation, or professional information hub, likely catering to licensed veterinary professionals in the UK. Ashwood Vet, on the other hand, may represent a specific clinic or small practice.

The involvement of veterinary platforms is notable because it represents an intersection between healthcare-adjacent services and small business digital presence. Many smaller medical and veterinary practices lack the technical resources or budgets for robust cybersecurity. As a result, breaches in these domains may expose appointment records, client contact details, internal communications, or even prescription information related to animal patients, none of which may seem high-stakes on the surface, but all of which add to the overall patchwork of a user's digital footprint.

The affected individuals here are likely to include veterinary professionals, clinic staff, and customers (i.e., pet owners) whose names, phone numbers, and email addresses may have been collected during routine operations.

Digital Publishing and News: BGR India

Rounding out this batch is BGR India, a prominent tech news site covering gadgets, telecom, and digital innovation within the Indian market. As a publishing outlet, BGR India collects user data through newsletter subscriptions, comment systems, content management systems (CMS), and possibly ad analytics platforms. News websites are often overlooked in breach discussions, but they collect rich behavioural data, IP addresses, device information, and in some cases registration data.

The target audience here includes tech enthusiasts, casual readers, and potentially journalists or contributors. Depending on the nature of the breach, this could expose backend CMS accounts, registered users, or internal editorial infrastructure. While not as sensitive as financial or medical data, it still opens pathways to misinformation campaigns, phishing, or impersonation, especially if journalists or editors are compromised.

A Closer Look at Impacted Populations

Across these five breaches, the exposed population is surprisingly diverse:
- Finance professionals and regulators (Bangladesh Bank)
- Online gamers and digital consumers (IDC Games)
- Job seekers and HR professionals (Jobs and App BB)
- Medical staff and local pet owners (Ashwood Vet, MRCVSonline)
- Tech readers and content creators (BGR India)

This highlights a growing trend: data breaches no longer concentrate around singular industries or global platforms. Instead, they now pervade every level of the digital economy, from public sector institutions to regional employers, local clinics, and content platforms.

Even with fewer than 400,000 accounts exposed in this batch, the cross-industry nature of the breaches creates a broader risk for identity aggregation, phishing campaigns, and social engineering efforts. The more fragmented the sources of data, the easier it becomes for attackers to piece together a user's full identity by correlating multiple low-level leaks.

As breaches become more commonplace in non-traditional sectors, organisations of all sizes must begin treating data security not as a feature or compliance step, but as an operational imperative. For users, the lesson is the same: be cautious with credential reuse, stay informed about platforms you engage with, and where possible, minimise personal data exposure, no matter how benign the service may seem.
