According to a report, a researcher at a cybersecurity firm accidentally stumbled onto the trove of data on Jun 27 during a regular Google search.
Published: 09 Jul 2023, 08:08 PM
A Bangladeshi minister has conceded that technical shortcomings in a web application registered under the gov.bd domain led to the leak of the personal data of millions of Bangladeshis online.
Without revealing the application's name for security reasons, Zunaid Ahmed Palak, the state minister for information and communication technology, blamed the leak on the system administrators responsible for securing the database in line with the data protection guidelines.
“The system had some shortcomings, which is why if anyone searched the database for any information, the whole database became public. It was not hacked or attacked by any cybercriminal,” the minister said on Sunday while speaking at a programme in Dhaka.
TechCrunch, a US website, first broke the news on Jul 6, revealing that a researcher for Bitcrack Cyber Security, a South Africa-based organisation, accidentally stumbled onto the trove of data on Jun 27 during a regular Google search.
TechCrunch also said the researcher, Viktor Markopoulos, immediately emailed the Bangladesh government’s e-Government Computer Incident Response Team, or CIRT, about the situation.
Palak, however, said the CIRT team has yet to receive any such email.
Regretting the incident, the minister said the lack of sincerity among some web administrators tasked with securing 29 ‘Computer Critical Infrastructure’ in the country may have resulted in the leak.
The government last year designated 29 organisations as Critical Information Infrastructure, or CCI, making unauthorised access to their databases a criminal offence.
THE 29 CRITICAL INFORMATION INFRASTRUCTURE
- The Prime Minister’s Office.
- The President's Office.
- Bangladesh Bank.
- National Board of Revenue.
- Immigration and Passport Department.
- Bridges Division.
- National Data Centre Company Ltd.
- National Data Centre.
- Bangladesh Computer Council.
- Bangladesh Telecommunication Regulatory Commission.
- Election Commission's National Identity Database.
- Central Procurement Technical Unit.
- Sonali Bank.
- Agrani Bank.
- Rupali Bank.
- Janata Bank.
- Rooppur Nuclear Power plant project.
- Biman Bangladesh Airlines.
- Immigration, Bangladesh Police.
- Bangladesh Telecommunication Company Ltd.
- Power Grid Company of Bangladesh.
- Bangladesh Power Development Board.
- Titas Gas Transmission and Distribution Company.
- Central Depository Bangladesh.
- Bangabandhu Satellite Company.
- Bangladesh Securities and Stock Exchange Commission.
- Civil Aviation Authority Bangladesh.
- Registrar General's Office, birth and death registration.
- Dhaka and Chattogram Stock Exchanges.
However, the minister has not commented on what action will be taken against those responsible.
‘DATA ON NID SERVER WAS NOT LEAKED’
Meanwhile, the Director General of the National Identity Registration Division, AKM Humayun Kabir, confirmed that the database of millions of Bangladeshi voters under his supervision is “secure” and that it was not leaked online.
In a press briefing on Sunday, DG Humayun said that at present 171 organisations and institutions across the country are linked to the database, and so far none of them poses any “threat”.
“We are working with the 171 organisations to determine the security level of their portals. If we find any breach, we will terminate our contract with them,” he said.