Various personal information including NID number, email address, phone numbers and names of many Bangladeshis have been leaked from a Bangladeshi government website.
There was recently a data breach on a Bangladeshi government website that leaked the names, phone numbers, email addresses, and National Identification (NID) numbers of over five crore Bangladeshi citizens. South African-based Bitcrack Cyber Security researcher Viktor Markopoulos had discovered the leak on June 27 and reported the Bangladesh government of the situation through Computer Incident Response Team (CIRT).
You can also read: META brings in new rival of Twitter named “THREADS”
The CIRT has confirmed the data breach and is presently determining the extent of it. This incident comes at a critical time, with the general election approaching, and highlights the escalating frequency of data breaches and cyberattacks.
According to a press release issued by the BGD e-GOV CIRT Project on Saturday, the CIRT team demonstrated its professionalism and expertise by swiftly initiating a thorough investigation into the matter, leaving no stone unturned in its pursuit of understanding the scope and impact of the data breach.
The CIRT informs institutions of any cyberattack incident.
Government website leak due to technical fault: Palak
State Minister of Information and Technology (ICT) Junaid Ahmed Palak, speaking at the prestigious Bangabandhu International Cyber Security Awareness Award program, acknowledged the recent data leak by a government website, assumed full responsibility for the data breach, and emphasized the urgency of addressing the issue. According to Palak, the government website was not compromised as it occurred due to a technical flaw.
He said: “No one hacked the government website. The site had a technical weakness. As a result, the personal information of millions of people was leaked.”
“We found that the websites where the information was made public did not have the minimum security that should be taken. It was specifically stolen by someone or hacked by cyber hackers – Our investigation didn’t find anything like this,” he said.
The authorities have not been able to identify the perpetrators as of yet.
Increasing cyber security attacks on government agencies and critical infrastructure at risk
In recent months, numerous sectors in Bangladesh have been the target of an increase in cyber attacks and data breaches. The latest leaked data from the government website includes sensitive information about people, which is a big risk to their safety and to the security of the country as a whole. These attacks, which include Distributed Denial of Service (DDoS) and ransomware, have targeted government agencies, law enforcement, and financial institutions.
A worrying incident involves the ongoing attack on the server of Bangladesh Krishi Bank, where ransomware has encrypted the fundamental banking system. The authorities are currently assessing the damage and attempting to recover the data, but the extent of the impact is still unknown.
In early March, hackers demanded $5 million from Biman Bangladesh in exchange for 100 gigabytes of data they were holding captive. As the government was unable to retrieve the data in time, a huge amount of information regarding finances, human resources, training, and satellite communications was compromised.
Then, on June 20, hackers claimed to possess the personal information of one million individuals from the database of the Investment Corporation of Bangladesh. They claimed to have obtained 9,000 pages of data, including names, addresses, and account numbers.
Notably, the Bangladesh Railway online ticket portal was recently subjected to a DDoS attack, though there were no reports of data loss. Similarly, the websites of the Bangladeshi army and air force have been subject to multiple DDoS attacks, resulting in service interruptions but no data compromises.
Government agencies have been identified as the most vulnerable targets, despite efforts to strengthen cybersecurity measures. Under the Digital Security Act, 29 institutions were designated as “Critical Information Infrastructure” in October of the previous year. Nonetheless, some of these institutions have demonstrated ineffective responses to security concerns, such as disregarding security instructions and ineffective email communication.
Moreover, the cyber threats extend beyond domestic actors, as a cyber conflict fueled by nationalist and religious-extremist sentiments has been witnessed between hacking groups in India and Bangladesh. Multiple organizations, including police stations, educational institutions, and government servers, have been targeted by these groups, resulting in the release of significant quantities of sensitive information.
Urgent call for vigilance
Bangladesh’s online infrastructure contains numerous security flaws and unprotected ports, indicating the magnitude of the issue. LeakIX, an online service that indexes vulnerabilities, has identified over 7,000 results for Bangladesh, encompassing major government portals, educational institutions, news websites, and internet service providers.
State Minister Junaid Ahmed emphasized the expanding significance of data protection, stating that while cost savings were previously prioritized in cybersecurity, it is now widely acknowledged that data is the new currency. He highlighted the importance of increasing public awareness, enhancing IT capacity, cultivating qualified labor, and implementing laws and regulations. In addition, he proposed establishing security squads for each of the 29 critical information infrastructures.
To address the growing cyber threats, the Bangladesh Government, military, and financial institutions have been instructed to remain vigilant and implement necessary security measures. The sectors at high risk include government and military entities, critical information infrastructures, law enforcement agencies, banks, pharmaceuticals, retail and industrial organizations, and the energy and education sectors. The situation necessitates immediate action to strengthen cybersecurity measures, improve collaboration among stakeholders, and raise awareness of the significance of cybersecurity among individuals and organizations.
Lastly, to ensure the stability, privacy, and security of Bangladesh’s digital landscape, it is essential to safeguard personal information and protect critical infrastructures from cybersecurity attacks.
