The authorities were told in early June about the vulnerability on a government website, before millions of citizens' personal information was leaked, according to the Bangladeshi Government Computer Incident Response Team, or BGD e-GOV CIRT.
CIRT Project Director Saiful Alam Khan told bdnews24.com that the website's weakness was identified during routine monitoring.
"In the first week of June, we notified the department about the website's vulnerability through a letter," he said, adding that sending such letters to address website issues is part of their regular work.
Saiful said they received information on Monday that the issue had been resolved.
They will resume monitoring the site starting on Tuesday, he said.
State Minister for ICT Zunaid Ahmed Palak conceded that technical shortcomings in a web application registered under the http://gov.bd domain led to the leak of the personal data of millions of Bangladeshis online.
Without revealing the application's name for security reasons, Palak blamed the leak on the system administrators responsible for securing the database as per the data protection guidelines.
“The system had some shortcomings, so if anyone searched the database for any information, the whole database became public. It was not hacked or attacked by any cybercriminal,” the minister said on Sunday while speaking at a programme in Dhaka.
According to another CIRT engineer, the website's vulnerability was due to a security issue in the Application Programming Interface (API) used for its creation, allowing unrestricted access to the site's information, including a database containing around 50 million citizen records.
A US website, TechCrunch, first broke the news on Jul 6, revealing that a researcher for Bitcrack Cyber Security, a South Africa-based organisation, accidentally stumbled onto the trove of data on Jun 27 during a regular Google search.
TechCrunch also said the researcher, Viktor Markopoulos, immediately emailed CIRT about the situation.
CIRT said it was investigating the issue, but described the leak as a “data breach”.