Ransomware victim disclosure
← All victimsBiman airlines
Claimed by Moneymessage · listed 3 years ago
Status timeline
- ListedMar 29, 2023
- Data leakeddate unknown
At a glance
- Group
- Moneymessage
- Status
- Data leaked
- Country
- Bangladesh
- Listed on leak site
- Mar 29, 2023
About the victim
AI dossier — public-source company profileBiman Bangladesh Airlines is the national flag carrier airline of Bangladesh, operating international passenger and cargo services to destinations across Asia and Europe, as well as domestic routes within Bangladesh. It is a state-owned enterprise headquartered at Balaka Bhaban, Kurmitola, Dhaka. The airline is one of the largest employers in the Bangladeshi aviation sector.
- Industry
- Commercial Aviation
- Address
- Balaka Bhaban, Kurmitola, Dhaka 1229, Bangladesh
- Employees
- 5000-10000
- Founded
- 1972
Attack summary
Severity: high — The disclosure status is 'data_published', indicating actual data has been released by the group. As a national flag carrier, any exfiltrated data likely includes passenger PII, operational data, and potentially sensitive government-related cargo/travel records, representing significant business and regulatory exposure even without a confirmed data volume.The MoneyMessage ransomware group claims to have attacked Biman Bangladesh Airlines and has published data as indicated by the disclosed status, though the leak post itself does not specify whether encryption, exfiltration, or both occurred, nor does it detail the volume or nature of data stolen.
Data the group says was taken
AI dossier — extracted from the leak post- Airline operational data
- Passenger records (potential)
- Cargo service records (potential)
- Internal business documents (potential)
What the group claims
Biman Bangladesh Airlines (Bengali) is the national flag carrier airline of Bangladesh. The airline provides international passenger and cargo services to Asia and Europe, as well as major domestic routes inside Bangladesh.
Sources
Source
Indexed 3 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

