In June and July 2023, a major data breach occurred in a Bangladesh Government website, resulting in the unauthorized exposure and compromise of personal data belonging to more than 50 million Bangladeshi citizens.[1][2][3]
On July 7, 2023, it was discovered that a government website in Bangladesh had inadvertently exposed the personal data of citizens due to security vulnerabilities.[4]The breach was not a result of a deliberate hack, but rather a consequence of weaknesses in the infrastructure and data protection practices of the websites. The exposed data included sensitive information such as names, addresses, phone numbers, and national identification numbers.[5] From October 2023, the leaked NID data of Bangladeshi citizens are openly accessible on Telegram channels.[6]
The breach was initially reported by American technology news website TechCrunch, on July 7, 2023. According to their reports, the exposed data was accessible via the government website, potentially allowing unauthorized individuals to access and misuse citizens' personal information. They initially did not reveal the website's name as breached data were still accessible, however they later revealed that the data breach occurred in the Office of the Registrar General, Birth & Death Registration website.[4] The incident raised concerns about privacy and data security, causing alarm among affected individuals.[7]
Zunaid Ahmed Palak, the state minister for Information and Communication Technology in Bangladesh, acknowledged the breach and clarified that it was not the result of hacking but rather a consequence of the security weaknesses presents in the websites. Palak further explained that the websites had vulnerabilities that were exploited, resulting in the exposure of citizens' personal data.[8][9]
In response to the data breach, the Bangladesh government took action to address the situation. On July 10, 2023, the government announced the takedown of the exposed citizens' data, ensuring that it was no longer accessible to unauthorized individuals. The affected government websites were temporarily shut down to address the security vulnerabilities and strengthen their data protection measures.[10][4]
Additionally, the government launched an investigation into the incident to ascertain the extent of the data exposure and identify the parties responsible for the security weaknesses. The objective was to prevent similar incidents from occurring in the future by implementing more robust security protocols and measures to safeguard citizens' personal information.[4]
According to experts, the data breach had significant implications for the affected citizens and raised concerns about data security in the country. The exposure of personal data could potentially lead to fraudulent activities, identity theft, or other malicious purposes. The breach underscored the need for stringent cybersecurity practices and triggered discussions about the security measures implemented by government websites in Bangladesh.[11][12]
The incident generated controversy and prompted discussions regarding the government's responsibility in protecting citizens' data. Critics argued that the data breach highlighted a lack of attention to cybersecurity and a failure to prioritize the protection of sensitive information.[7] Others emphasized the importance of regular security audits and timely detection and remediation of vulnerabilities.[13]