The report does not recommend any legal or criminal actions against those deemed responsible
Published : 25 Jul 2023, 12:06 AM
A committee commissioned by the ICT Division to investigate the data leak from the government's birth and death registration website could not ascertain the number of individuals whose information was exposed or their identities after a data breach exposed the personal information of millions of citizens.
The committee also failed to hold anyone accountable for the security breach of private citizen information on the government's Critical Information Infrastructure, or CII, website.
Moreover, the report did not recommend any legal or criminal actions against those deemed responsible.
State Minister for ICT Zunaid Ahmed Palak said he lacks the authority to take action against anyone during a media briefing after a meeting with the digital security agency and related parties on the report at the ICT Tower in Dhaka’s Agargaon on Monday.
He will forward the report to the Prime Minister's Office and the Ministry of Local Government for their attention, as the Office of the Registrar General, Birth & Death Registration, falls under their jurisdiction.
A US website, TechCrunch, first broke the news on Jul 6, revealing that a researcher for Bitcrack Cyber Security, a South Africa-based organisation, accidentally stumbled onto the trove of data on Jun 27 during a regular Google search.
The leak included the full names, telephone numbers, email addresses, and national ID numbers of Bangladeshi citizens.
TechCrunch also said the researcher, Viktor Markopoulos, immediately emailed the Bangladesh government’s e-Government Computer Incident Response Team, or CIRT, about the situation.
On Jul 11, an eight-member investigation committee, headed by the Digital Security Agency director general, was formed and given seven days to submit its report. The committee complied and submitted its report on Jul 17.
According to Palak, the investigation committee included officials from various law enforcement agencies, intelligence agencies, and BGD CIRT. They submitted the report unanimously.
“The committee said that technical shortcomings in a web application registered under the http://gov.bd domain led to the leak of the personal data of millions of Bangladeshis online,” Palak said.
“No log files are stored in the application system of that office.”