
Butwal, Nepal — A major cybersecurity incident has emerged following a data breach at the Department of Prison Management, allegedly carried out by the hacker group CMD Nepal.
The group has publicly released confidential files from the department, including official documents and scanned internal records, through Telegram and other platforms. The leaked archive, titled mail.nepal.gov.np.zip, is 22.5 MB in size and appears to contain sensitive government information.
Screenshots shared by CMD Nepal show access to the internal storage system of the domain mail.nepal.gov.np, along with previews of ZIP files, government memos, and what seem to be scanned documents of prison-related communications. The files are now circulating across online platforms.
Content of the Leaked Data
The leaked folder includes:
- Scanned identity documents
- Internal memos
- Staff transfer letters
- Archived images of confidential records
- Compressed ZIP files of administrative data
Some filenames indicate internal administrative operations related to prison management logistics and correspondence.
Threat Actor’s Communication
CMD Nepal, known for previous cyber activities targeting government institutions, announced the breach through its Telegram channel. In the same post, they hinted at the possession of additional credentials and login information for other government services under .gov.np domains.
The group has not released a specific reason or motive behind the attack but has continued its pattern of exposing vulnerabilities in Nepal’s digital infrastructure.
Government Response
As of now, there has been no official statement from the Department of Prison Management or the Government of Nepal regarding this breach. Cybersecurity experts have expressed concern over the continuing trend of cyber incidents affecting government systems in recent years.
Previous attacks, including data breaches targeting immigration, provincial portals, and official government servers, have already exposed systemic weaknesses such as:
- Outdated platforms
- Lack of multi-factor authentication
- Infrequent security audits
- Inadequate coordination between cybersecurity agencies and departments
Implications
The Department of Prison Management is a critical institution overseeing the administration, personnel, and records related to correctional facilities across Nepal. Unauthorized access to its internal systems could result in severe privacy violations, potential manipulation of sensitive data, and risks to the integrity of administrative processes.
Cybersecurity professionals are urging the government to take the following steps:
- Conduct a full audit of government domains and services.
- Strengthen server security with modern encryption and access controls.
- Partner with cybersecurity researchers and ethical hackers for vulnerability assessments.
- Increase transparency and public reporting of breaches.
About CMD Nepal
CMD Nepal is one of several emerging hacker groups operating in Nepal’s digital sphere. Active primarily on Telegram, the group has previously been associated with website defacements, database leaks, and breaches of public and semi-government portals.
This incident marks yet another warning sign for Nepal’s digital governance. Without proactive defense mechanisms and inter-agency cooperation, government institutions remain exposed to increasingly organized cyber threats.
Tech Aware Nepal will continue to monitor this situation and provide verified updates.