2023 Bangladesh Government website data breach explained

In June and July 2023, a major data breach occurred in a Bangladesh Government website, resulting in the unauthorized exposure and compromise of personal data belonging to more than 50 million Bangladeshi citizens.[1] [2] [3]

Background

On July 7, 2023, it was discovered that a government website in Bangladesh had inadvertently exposed the personal data of citizens due to security vulnerabilities.The breach was not a result of a deliberate hack, but rather a consequence of weaknesses in the infrastructure and data protection practices of the websites. The exposed data included sensitive information such as names, addresses, phone numbers, and national identification numbers.[4] From October 2023, the leaked NID data of Bangladeshi citizens are openly accessible on Telegram channels.[5]

Breach incident

The breach was initially reported by American technology news website TechCrunch, on July 7, 2023. According to their reports, the exposed data was accessible via the government website, potentially allowing unauthorized individuals to access and misuse citizens' personal information. They initially did not reveal the website's name as breached data were still accessible, however they later revealed that the data breach occurred in the Office of the Registrar General, Birth & Death Registration website.[6] The incident raised concerns about privacy and data security, causing alarm among affected individuals.[7]

Zunaid Ahmed Palak, the state minister for Information and Communication Technology in Bangladesh, acknowledged the breach and clarified that it was not the result of hacking but rather a consequence of the security weaknesses presents in the websites. Palak further explained that the websites had vulnerabilities that were exploited, resulting in the exposure of citizens' personal data.[8] [9]

Government Response

In response to the data breach, the Bangladesh government took action to address the situation. On July 10, 2023, the government announced the takedown of the exposed citizens' data, ensuring that it was no longer accessible to unauthorized individuals. The affected government websites were temporarily shut down to address the security vulnerabilities and strengthen their data protection measures.[10]

Additionally, the government launched an investigation into the incident to ascertain the extent of the data exposure and identify the parties responsible for the security weaknesses. The objective was to prevent similar incidents from occurring in the future by implementing more robust security protocols and measures to safeguard citizens' personal information.

Impact and Controversy

According to experts, the data breach had significant implications for the affected citizens and raised concerns about data security in the country. The exposure of personal data could potentially lead to fraudulent activities, identity theft, or other malicious purposes. The breach underscored the need for stringent cybersecurity practices and triggered discussions about the security measures implemented by government websites in Bangladesh.[11] [12]

The incident generated controversy and prompted discussions regarding the government's responsibility in protecting citizens' data. Critics argued that the data breach highlighted a lack of attention to cybersecurity and a failure to prioritize the protection of sensitive information. Others emphasized the importance of regular security audits and timely detection and remediation of vulnerabilities.[13]

See also

Notes and References

  1. Web site: 2023-07-08 . Over 5 crore Bangladeshi citizens' personal data 'exposed' online . 2023-07-12 . The Business Standard . en.
  2. Web site: 2023-07-08 . Sound the alarm bell: Inside the leak of 50 million Bangladeshis' personal data . 2023-07-12 . The Business Standard . en.
  3. Web site: Bangladesh government website leaks citizens' personal data: TechCrunch . 2023-07-12 . The Financial Express . en.
  4. Web site: Paganini . Pierluigi . 2023-07-07 . Bangladesh government website leaked data of millions of citizens . 2023-07-12 . Security Affairs . en-US.
  5. https://bangla.dhakatribune.com/bangladesh/71632/%E0%A6%8F%E0%A6%A8%E0%A6%86%E0%A6%87%E0%A6%A1%E0%A6%BF%E0%A6%B0-%E0%A6%AB%E0%A6%BE%E0%A6%81%E0%A6%B8-%E0%A6%B9%E0%A6%93%E0%A7%9F%E0%A6%BE-%E0%A6%A4%E0%A6%A5%E0%A7%8D%E0%A6%AF-%E0%A6%AE%E0%A6%BF%E0%A6%B2%E0%A6%9B%E0%A7%87-%E0%A6%9F%E0%A7%87%E0%A6%B2%E0%A6%BF%E0%A6%97%E0%A7%8D%E0%A6%B0%E0%A6%BE%E0%A6%AE-%E0%A6%9A%E0%A7%8D%E0%A6%AF%E0%A6%BE%E0%A6%A8%E0%A7%87%E0%A6%B2%E0%A7%87?fbclid=IwAR1JUChDqBZooyDq0Dhgh8NWTPJ_gh9ryREAsJIcRVfoS__Z_Oalb1IUyw0 এনআইডির ফাঁস হওয়া তথ্য মিলছে টেলিগ্রাম চ্যানেলে
  6. Web site: Franceschi-Bicchierai . Lorenzo . 2023-07-10 . Bangladesh government takes down exposed citizens' data . 2023-07-12 . TechCrunch . en-US.
  7. Web site: 2023-07-09 . সরকারি ওয়েবসাইট থেকে ব্যক্তিগত তথ্য ফাঁসে কী ধরণের ঝুঁকিতে পড়বেন আপনি? . 2023-07-12 . BBC News বাংলা . bn.
  8. Web site: 2023-07-09 . Site's weakness to blame for exposing citizens' data: Palak . 2023-07-12 . The Business Standard . en.
  9. Web site: Tech & Startup Desk . 2023-07-09 . Personal data leak by govt. website: No scope to evade responsibility, says Palak . 2023-07-12 . The Daily Star . en.
  10. Web site: Ferdous . Raiyan . Press Release July 08 2023: Alert from CIRT . 2023-07-12 . BGD e-GOV CIRT Bangladesh e-Government Computer Incident Response Team . en-US.
  11. Web site: ডেস্ক . হাল ফ্যাশন . ব্যক্তিগত তথ্য ফাঁস হলে যেসব ঝুঁকিতে পড়তে পারেন আপনি . 2023-07-12 . Haalfashion . bn.
  12. Web site: 2023-07-10 . সাইবার সিকিউরিটি: বাংলাদেশে সরকারি দপ্তরের তথ্য ফাঁস কতটা বিপজ্জনক হয়ে উঠছে? . 2023-07-12 . BBC News বাংলা . bn.
  13. Web site: হোসেন . বি এম মইনুল . 2023-07-11 . বোঝা গেল ডিজিটাল নিরাপত্তাব্যবস্থা কতটা খারাপ . 2023-07-12 . Prothomalo . bn.