In June and July 2023, a major data breach occurred in a Bangladesh Government website, resulting in the unauthorized exposure and compromise of personal data belonging to more than 50 million Bangladeshi citizens.[1][2][3]
Background
editOn July 7, 2023, it was discovered that a government website in Bangladesh had inadvertently exposed the personal data of citizens due to security vulnerabilities.[4]The breach was not a result of a deliberate hack, but rather a consequence of weaknesses in the infrastructure and data protection practices of the websites. The exposed data included sensitive information such as names, addresses, phone numbers, and national identification numbers.[5] From October 2023, the leaked NID data of Bangladeshi citizens are openly accessible on Telegram channels.[6]
Breach incident
editThe breach was initially reported by American technology news website TechCrunch, on July 7, 2023. According to their reports, the exposed data was accessible via the government website, potentially allowing unauthorized individuals to access and misuse citizens' personal information. They initially did not reveal the website's name as breached data were still accessible, however they later revealed that the data breach occurred in the Office of the Registrar General, Birth & Death Registration website.[4] The incident raised concerns about privacy and data security, causing alarm among affected individuals.[7]
Zunaid Ahmed Palak, the state minister for Information and Communication Technology in Bangladesh, acknowledged the breach and clarified that it was not the result of hacking but rather a consequence of the security weaknesses presents in the websites. Palak further explained that the websites had vulnerabilities that were exploited, resulting in the exposure of citizens' personal data.[8][9]
Government Response
editIn response to the data breach, the Bangladesh government took action to address the situation. On July 10, 2023, the government announced the takedown of the exposed citizens' data, ensuring that it was no longer accessible to unauthorized individuals. The affected government websites were temporarily shut down to address the security vulnerabilities and strengthen their data protection measures.[10][4]
Additionally, the government launched an investigation into the incident to ascertain the extent of the data exposure and identify the parties responsible for the security weaknesses. The objective was to prevent similar incidents from occurring in the future by implementing more robust security protocols and measures to safeguard citizens' personal information.[4]
Impact and Controversy
editAccording to experts, the data breach had significant implications for the affected citizens and raised concerns about data security in the country. The exposure of personal data could potentially lead to fraudulent activities, identity theft, or other malicious purposes. The breach underscored the need for stringent cybersecurity practices and triggered discussions about the security measures implemented by government websites in Bangladesh.[11][12]
The incident generated controversy and prompted discussions regarding the government's responsibility in protecting citizens' data. Critics argued that the data breach highlighted a lack of attention to cybersecurity and a failure to prioritize the protection of sensitive information.[7] Others emphasized the importance of regular security audits and timely detection and remediation of vulnerabilities.[13]
See also
editReferences
edit- ^ "Over 5 crore Bangladeshi citizens' personal data 'exposed' online". The Business Standard. 2023-07-08. Retrieved 2023-07-12.
- ^ "Sound the alarm bell: Inside the leak of 50 million Bangladeshis' personal data". The Business Standard. 2023-07-08. Retrieved 2023-07-12.
- ^ "Bangladesh government website leaks citizens' personal data: TechCrunch". The Financial Express. Retrieved 2023-07-12.
- ^ a b c d Franceschi-Bicchierai, Lorenzo (2023-07-10). "Bangladesh government takes down exposed citizens' data". TechCrunch. Retrieved 2023-07-12.
- ^ Paganini, Pierluigi (2023-07-07). "Bangladesh government website leaked data of millions of citizens". Security Affairs. Retrieved 2023-07-12.
- ^ এনআইডির ফাঁস হওয়া তথ্য মিলছে টেলিগ্রাম চ্যানেলে (dhakatribune.com)
- ^ a b "সরকারি ওয়েবসাইট থেকে ব্যক্তিগত তথ্য ফাঁসে কী ধরণের ঝুঁকিতে পড়বেন আপনি?". BBC News বাংলা (in Bengali). 2023-07-09. Retrieved 2023-07-12.
- ^ "Site's weakness to blame for exposing citizens' data: Palak". The Business Standard. 2023-07-09. Retrieved 2023-07-12.
- ^ Tech & Startup Desk (2023-07-09). "Personal data leak by govt. website: No scope to evade responsibility, says Palak". The Daily Star. Retrieved 2023-07-12.
- ^ Ferdous, Raiyan. "Press Release July 08 2023: Alert from CIRT". BGD e-GOV CIRT | Bangladesh e-Government Computer Incident Response Team. Retrieved 2023-07-12.
- ^ ডেস্ক, হাল ফ্যাশন. "ব্যক্তিগত তথ্য ফাঁস হলে যেসব ঝুঁকিতে পড়তে পারেন আপনি". Haalfashion (in Bengali). Retrieved 2023-07-12.
- ^ "সাইবার সিকিউরিটি: বাংলাদেশে সরকারি দপ্তরের তথ্য ফাঁস কতটা বিপজ্জনক হয়ে উঠছে?". BBC News বাংলা (in Bengali). 2023-07-10. Retrieved 2023-07-12.
- ^ হোসেন, বি এম মইনুল (2023-07-11). "বোঝা গেল ডিজিটাল নিরাপত্তাব্যবস্থা কতটা খারাপ". Prothomalo (in Bengali). Retrieved 2023-07-12.