Authorities must admit data leak responsibilities and punish the hackers
We are concerned over the recent leak of data of millions of Bangladeshis from a government website. According to media reports, more than five crore of our citizens’ personal information has been exposed from the government website. This highlights our serious lack of concern for digital and cyber security and the government officials’ sense of responsibility, commitment and competence.
Reportedly, TechCrunch, an online media based on information technology in the United States in a report on July 7 said that the information of millions of people was leaked through the website of a government agency in Bangladesh. They conducted the search using a portion of leaked data several times, and in all instances, the website confirmed the data of Bangladeshi citizens. Earlier, this leaked data was discovered on June 27 by Viktor Markopoulos, a researcher from Bitcrack Cyber Security, a computer security solutions firm based in South Africa.
The concepts of “Digital Bangladesh” and “Smart Bangladesh” have already been extensively discussed in the country’s political arena. However, the alarming incident of data leak of more than five crore citizens has raised doubts among people about the country’s cyber security. Though the government holds the responsibility of safeguarding and ensuring the security of citizens’ personal information, the incident has exposed the careless and inadequate manner in which it has been handled. The personal data of the individuals were compromised due to vulnerabilities within the website itself.
It is to be noted that the Computer Incident Response Team (CIRT) had earlier sent a letter highlighting security flaws on the website of the relevant agency under the Ministry of Local Government, Rural Development, and Cooperatives. If proper attention had been given to that letter, such a massive information leakage would have not been happened.
Meanwhile, the state minister for the Ministry of Information and Communication at a programme in the capital on Thursday revealed that 29 institutions were classified as “Critical Information Infrastructure” under the Digital Security Act in October last year. Regrettably, he mentioned that some of these institutions fail to respond to email communication and neglect to follow security instructions.
We warn that the instance of citizens’ data leak serves as a clear warning for us to exercise caution. Mere acceptance of liability is not sufficient. The ministry concerned must admit complete responsibility and trace the hackers for severe punishment. If we fail to take them into task, we will inevitably face even graver consequences ahead.