A leak of the personal information of citizens was recorded on the website of the Government of Bangladesh.
The data that belongs to the category of confidential information and should not have been accessed by third parties include the full names of citizens, telephone numbers, national identification numbers, and email addresses.
Victor Markopoulos, a researcher working at Bit Crack Cyber Security, reported that he accidentally discovered the leak on June 27. After that, the specialist contacted the Computer Incident Response Team of the Electronic Government of Bangladesh (CERT). According to him, during the leak, the confidential data of several million citizens turned out to be in the space of unwanted access.
At the same time, this incident is not a crime or other act that violates the law. The journalists found out that citizens’ personal information can be obtained within the permitted procedure by using a publicly available search tool on a government Internet page. But the very fact of the leak is a failure. Information can be obtained as part of a legitimate procedure, but getting a large amount of data into the online environment of other virtual platforms is not a normal practice.
Victor Markopoulos says that confidential data continues to be available in the online space. None of the country’s government organizations provided comments on the leak.
Every resident of Bangladesh, upon reaching the age of 18, receives a national identity card, which is also a unique identification number. The availability of this card is a prerequisite for access to a number of public services, including obtaining a passport and driver’s license, buying and selling land, opening a bank account, and others.
Victor Markopoulos says that in this case, the search for personal information was as simple as possible. According to him, obtaining the data was possible by entering a corresponding query in the Google search engine.
The appearance of email addresses, phone numbers, and national identity card numbers outside the privacy space is a mistake, but the same information is often used to access applications or delete them, to view the confirmation of the birth registration record.
The cause of the data leak remains to be determined. But it is obvious that in this case there could not be a criminal component, since the ease of access to arrays of confidential information actually meant that the data were not in a closed system with limited opportunities for external intervention.
As we have reported earlier, US Patent and Trademark Office Notifies Filers of Years-Long Data Leak.