Palak: NID data leak caused by web app flaws, skill shortage

C T Online Desk: State Minister for Information and Communication Technology Zunaid Ahmed Palak has identified technical vulnerabilities in web applications and a shortage of technically proficient personnel as the causes of the NID data leak of around 50 million Bangladeshis through a government website.

He made the remarks during a review meeting in the conference room of the ICT Division on Monday, when the participants discussed an urgent action plan for cyber security and an investigation into the reasons behind the data leak.

The meeting revealed that the technical shortcomings of the web application belonging to the government office were the main factor behind the leak of personal information.

After an examination and investigation with the relevant authorities and their technical team, it was evident that due to the lack of adequate technically proficient personnel, the web application was not adequately maintained, said the ICT state minister.

Recommendations have been made in the investigation report for the implicated institution.

Furthermore, it was proposed that government institutions holding critical information should employ ICT-proficient skilled personnel and establish regular training provisions.

On June 27, an alarming claim was made by researcher Viktor Markopoulos from Bitcrack Cyber Security, who discovered the leak. He suggested that the personal information of around 50 million Bangladeshis, including their full names, phone numbers, email addresses, and NID numbers, was openly accessible on a government website.

He promptly informed the Bangladeshi e-Government Computer Incident Response Team (CIRT), TechCrunch, an online portal focusing on high tech, reported.

Markopoulos revealed that the leaked data comprises the details of millions of Bangladeshi citizens.

Shockingly, anyone can visit the website and find citizens’ names, dates of birth, and NID numbers by simply conducting a Google search.

TechCrunch conducted its own investigation to validate the authenticity of the leaked data. However, the outlet refrained from disclosing the name of the specific website as the data is still accessible online, as confirmed by Markopoulos.

In response to the news of the massive data breach, CIRT took action by acknowledging the matter and launching a comprehensive investigation.

In a press release on July 8, CIRT emphasized its commitment to ensuring cybersecurity and protecting citizens’ data.

“It is crucial for all stakeholders to collaborate and support CIRT’s efforts to rectify the situation, implement necessary security measures and prevent similar incidents from happening in the future,” the press release read.