What Happened
In February 2026, specifically around February 19-20, the Institute of Chartered Accountants of Bangladesh (ICAB), accessible via icab.org.bd, suffered a data breach when threat actor CrowStealer disclosed a full database dump containing over 42,000 records on underground forums. The exposed data reportedly included comprehensive personal and professional information, though exact types such as PII or credentials were not fully detailed in reports. No specific breach method or prior access date was identified, and ICAB has not publicly commented on the incident as of available sources. This event poses risks like identity theft and phishing for affected accountants, amid Bangladesh’s ongoing cybersecurity challenges.
