Personal data of 50 million Bangladeshis leaked on government website

By SM Najmus Sakib

DHAKA, Bangladesh (AA) - A government office told Anadolu on Saturday it was examining a breach of more than 50 million Bangladeshis’ personal information that was exposed on a government website, and termed it “a global cyber insecurity crisis.”

The development surfaced after Viktor Markopoulos from Bitcrack Cyber Security discovered the leak June 27, TechCrunch, a US high-tech online portal, reported Friday.

The cybersecurity specialist claimed that TechCrunch immediately contacted the Bangladesh e-Government Computer Incident Response Team (BGD e-GOV CIRT) but Markopoulos did not receive a response.

The personal information included names, telephone numbers, email addresses and National Identity Card (NID) numbers. The information is accessible on the government website.

“The leaked data is legitimate by using a portion to query a public search tool on the affected government website,” said TechCrunch. “By doing this, the website returned other data contained in the leaked database, such as the name of the person who applied to register, as well as — in some cases — the name of their parents. We attempted this with 10 different sets of data, which all returned correct data.”

TechCrunch did not identify the website as the data is still available online.

“In Bangladesh, every citizen aged 18 and older is issued a National Identity Card, which assigns a unique ID to every citizen. The card is mandatory and gives citizens access to several services, such as getting a driver’s license, passport, buying and selling land, opening a bank account, and others,” it added.

Markopoulos said finding the data “was too easy.”

Public Relations Officer (IT) of BGD e-GOV CIRT, Sukanta Chakraborty, told Anadolu that his company is scrutinizing the breach and analyzing from which end the “possible” data leak happened.

“We are working on it. Our technical team with support from our global partners closely monitoring and examining the whole incident. This is a cyber security issue that is updating every minute across the globe. Therefore, it could be exposed through any user end,” he said.

Chakraborty suggested that victims should not worry about the leak.

“Such data leak incidents often happen across the world. We cannot deny it. Therefore, this is not a question of ability or competency on cyber security rather it is a global problem--of which, we are not out of it,” he said.

In 2016, hackers stole nearly $1 billion from the account of the Federal Reserve Bank of New York that belonged to the central bank of Bangladesh. Bangladesh was fortunate that the hackers made away with less than one-tenth the amount of the biggest cyber heist in history.

Bangladesh, however, made little progress in recovering the money.