Data leak from govt site: Portal didn’t have minimum security, says Palak
The incident of leaking sensitive personal information of millions of Bangladeshi citizens on the internet from the website of a government organisation was due to technical weaknesses of the site, Zunaid Ahmed Palak said today.
"We saw that there were technical glitches," the state minister for post, telecommunications and information technology said, noting that the website itself was fragile. "That is why the information is exposed to people."
There is no scope to avoid responsibility for this incident, he added.
He was speaking at the inauguration of the Bangabandhu International Cyber Security Awareness Award programme at the BCC Auditorium of ICT Tower in the capital's Agargaon.
Answering journalists' questions after the event, he said the state has suffered a great loss due to this incident.
He said the portal from which the information was made public did not have minimum security. Despite being warned, the officials of the concerned department did not take it into account. Due to their negligence, the state has suffered huge losses.
"We have yet to find evidence that cybercriminals have taken any data. What we found was that there was a technical weakness in the government's website. As a result, the information was very easy to see."
He said, "We announced 29 critical institutions, but the number is increasing step by step. After the cyber-attack on Bangladesh Bank in 2016 in which $81 million was stolen, we realised the importance of cyber security. Out of these 29 institutions, the institution which we identified in the list as number 27 fell into such a situation."
The state minister's comment comes after reports that a security exploit in a Bangladeshi government website has resulted in the exposure of sensitive personal information belonging to millions of Bangladeshi citizens on the internet.
The leaked data includes names, birth dates, and National Identification (NID) numbers of over 50 million users which is allegedly easily accessible through a simple Google search.
TechCrunch initially reported the breach, which was discovered on June 27 by Viktor Markopoulos, a researcher from Bitcrack Cyber Security, a computer security solutions firm based in South Africa.