NID Data Leak: EC names 5 orgs involved

February 11, 2025

Staff Reporter :

The Election Commission (EC) has identified five organisations involved in using leaked National Identity (NID) verification service data, following an initial investigation.

EC Secretary Akhtar Ahmed shared this information with journalists on Monday after a meeting at the EC headquarters in Agargaon, Dhaka, with representatives from organisations that utilise the NID verification service.

The five organisations implicated are the Directorate General of Health Services (DGHS), UCB Bank’s Upay, Chattogram Port Authority, the Department of Women Affairs, and iBAS under the Ministry of Finance.

Currently, 182 organisations use the NID verification service.
Secretary Ahmed confirmed that the concerned organisations have been issued show-cause notices.

He added, “We are investigating whether this breach occurred due to negligence or intentional misconduct. If any party is found to have acted deliberately, it will be treated as a punishable offence.”

He also stressed the importance of limiting data usage, stating, “Keeping data access open and then blaming perpetrators is not the right approach.”

Furthermore, he highlighted that some organisations have been sharing the service with others in violation of contractual terms. The EC will now review the extent of data accessed by each entity and whether it exceeds their actual requirements, in consultation with relevant stakeholders.

In last October, a man named EnamulHaque has filed a case with Kafrul Police Station under the Cyber Security Act accusing SajeebWazed Joy, former ousted prime minister Sheikh Hasina’s son and ICT adviser, Zunaid Ahmed Palak, former state minister for ICT, and 17 others over selling citizens’ National ID (NID) information.

Joy, Palak and the others were also accused of embezzling around Tk 20,000 crore through the sale of the data, said TaleburRahman, deputy commissioner (media) of Dhaka Metropolitan Police.

Joy and Palak abused their powers by facilitating the sale of citizens’ NID information through an organised syndicate, according to the case statement.

They allegedly allowed Digicon Global Services Limited to use the NID data for business dealings with various organisations without ensuring national security and personal data protection.

The data was sold to approximately 182 entities, both domestic and international, resulting in concerns over public security, the plaintiff said in the case.

The other accused include Tareque M Barkatullah, former director of the data centre; WahidurRahman Sharif, director of Digicon; NM ZiaulAlam, former senior secretary of the ICT ministry; MahbuburRahman, former executive director (additional responsibility) of the Bangladesh Computer Council; Abdul Baten, former director (operations) of the National Identity Registration Wing at the Election Commission Secretariat.

The Detective Branch of police arrested former data centre director Tareque in the Kafrul area yesterday morning.

Ashraf Hossain, former senior maintenance engineer at the Election Commission Secretariat; Lt Col (retd) RakibulHasan from the National Telecommunication Monitoring Center (NTMC); Rezaul Islam, former deputy secretary of the Cabinet Division; Haider Ali, retired professor of the CSE department at Dhaka University, and Muhammad Mahfuzul Islam, former vice chancellor of the Canadian University of Bangladesh, were also accused in the case.
In the case statement, Enamul referenced news reports from the Daily Jugantor and Jamuna TV to state that the Election Commission prepared a list with the photos of 11.21 crore voters.

It has developed a data centre with 46 types of personal information of these voters. Tareque served as the director of the data centre from 2011 to 2023, and as the director of the Digital Security Agency, responsible for safeguarding national and public data, from 2019 to 2023.

The plaintiff alleges in the case that Joy colluded with Tareque and misused his authority to sell sensitive voter information on the open market.

The case says that former state minister Palak held a meeting with officials from the EC and the ICT Department, along with PM’s former ICT adviser Joy on March 21, 2019.

During the meeting, Joy proposed obtaining a mirror copy of the NID card database.
The EC reportedly provided a mirror copy of this database to the National Computer Council.

Meanwhile, the authorities granted Digicon permission to conduct business by supplying the personal information of citizens to various organisations.

Using this access, Wahidur, director of Digicon, allegedly collaborated with Joy and others to launch a website under the domain porichoy.gov.bd.

This website reportedly began selling personal information to approximately 182 entities, both domestic and international, exploiting NID data for profit, the plaintiff said in the case.