The Bangladeshi government on Sunday deleted sensitive citizen data it had left online.
On Friday, businessroundups.org reported that a Bangladesh government website leaked the personal information of the country’s citizens, including full names, phone numbers, email addresses and national ID numbers.
At the time, we did not disclose which website in particular leaked, as the data was still accessible. We can now report that the problem with the Office of the Registrar General, Birth and Death Registry website.
Bangladesh’s e-Government Computer Incident Response Team (CIRT) said the data has now been deleted.
Viktor Markopoulos, a researcher working for Bitcrack Cyber Security, found the data in late June and subsequently alerted CIRT. According to his estimate, the website leaked data on about 50 million Bangladeshi citizens.
Last week, we also contacted CIRT, the Bangladesh government’s news agency, the embassy in Washington, DC, and the consulate in New York City. No one responded to our request for comment last week and did not immediately respond to follow-up requests for this story.
In a press release on Saturday, CIRT said it “immediately” addressed the data breach and “demonstrated its professionalism and expertise by swiftly launching a thorough investigation into the matter, leaving no stone unturned to assess the scope and impact of the data breach.” “
Bangladesh’s Information and Communications Technology Minister Zunaid Ahmed Palak said that “not a single government website has been hacked. Due to the vulnerability of the website, information from citizens was made public.” according to the Company Standarda local newspaper.
Bangladesh Home Minister Asaduzzaman Khan Kamal reportedly said law enforcement agencies are investigating the incident.
Do you have information about similar leaks or data breaches? We’d love to hear from you. From a non-work device, you can securely contact Lorenzo Franceschi-Bicchierai on Signal at +1 917 257 1382, or via Wickr, Telegram and Wire @lorenzofb, or email firstname.lastname@example.org. You can also contact businessroundups.org at SecureDrop.