Data of Bangladeshi Citizens Exposed on Government Website

A major security breach of the Bangladeshi government website, lead to the exposure of citizens’ personal information. The exposed data includes full names, phone numbers, email addresses, and National ID Card numbers of the citizens. A National Identity Card, which serves as a unique attribute and gives access to various services. This card is needed for activities such as getting a driver’s license, or passport and doing transactions. The leakage of such personal data raises concerns about identity theft and potential misuse of sensitive information.

Discovery and Reporting to CIRT:

The security breach was randomly located by Viktor Markopoulos, a researcher at Bitcrack Cyber Security, on June 27. Markopoulos immediately contacted the Bangladeshi e-Government Computer Incident Response Team (CIRT) to report it. An estimate of millions of Bangladeshi citizens’ data had been exposed.

Verification of Leaked Data:

The legality of the exposed data was confirmed by TechCrunch. It uses a part of it to query a public search tool on the damaged government website. The results confirmed the accuracy of the exposed information, including the applicants’ names and also the names of their parents.

Website Still Accessible Despite Data Exposure:

Despite the severity of the breach, the website is still accessible, as reported by Markopoulos. TechCrunch has also contacted the CIRT responsible for the website, but no response or acknowledgment of exposure was received.

The Bangladeshi government, CIRT, and other organizations have been silent and have not given any official comments or statements about the incident. Whereas on Saturday CIRT claims to have taken down the exposed data, signaling that immediate actions have been taken to mitigate the risk.

However, the silence on the incident from the government and CIRT raises questions about the government’s efforts to address cybersecurity issues and safeguard citizen data in the future.

Government’s Explanation:

According to Bangladesh’s State Minister for Information and Communication Technology Zunaid Ahmed Palak, the website’s vulnerability leads to the exposure of data, not due to hacking. Bangladesh’s Home Minister Asaduzzaman Khan Kamal has also confirmed that law enforcement is readily investigating the breach. This investigation is critical for holding parties accountable and making sure that appropriate measures are taken to prevent similar incidents in the future.

The exposure of citizens’ personal data like this highlights the need for robust cybersecurity techniques to protect sensitive information and prevent similar breaches in the future from the Bangladeshi government and organizations.

For more news and updates on Cybersecurity, visit The Cybersecurity Club.

Telekom Malaysia Data Breach Exposes Unifi Customers’ Personal Information

Sri Lankan Government Suffers Severe Data Loss Due to Ransomware Attack

LinkedIn Account Hacks: Widespread Hacks Spark Concern Among Users

Russian APT28 Group Launched Cyberattack on Ukrainian Energy Facility