Data breach exposes information of 55 million voters, now available on a Telegram channel.



Image Source: The Daily Star

A serious issue has arisen in Bangladesh where personal information of about 55 million smart National Identity Card (NID) holders has been exposed and is now available on a Telegram channel. This incident has raised major concerns regarding data security and privacy in the country.

Details of the Data Breach:

Officials have confirmed that the data breach has occurred. A Telegram bot can now provide detailed information, such as names, gender, parents' names, phone numbers, addresses, photos, and more, when a 10-digit NID number is entered.
Mr. Mohammad Ashraf Hussain, who manages the NID wing of the Election Commission, discovered this situation. However, he doesn't know who is behind the Telegram channel. Investigations have shown that the data breach originated from one of the 174 organizations with access to the NID server. While steps are being taken to address the issue, the organization responsible for the breach has not been identified. Hussain explained that these organizations often use data from the Election Commission for their websites, and sometimes weaknesses in those websites can lead to data leaks.

On the other hand, Mr. AKM Humayun Kabir, the director-general of the NID wing, claims to have no knowledge of the situation and insists that the NID server remains secure.

Previous Data Breach Incident:

It's important to note that this is not the first incident of a data breach in Bangladesh. On June 7, 2023, TechCrunch reported another data breach in which personal information of around 5 million Bangladeshi nationals was exposed from a government website. The state minister for ICT, Mr. Zunaid Ahmed Palak, attributed this breach to a vulnerability in the server of the Office of the Registrar General. The leaked data included names, phone numbers, email addresses, and national ID numbers.

Recommendations and Concerns:

In response to the earlier data breach, ICT experts recommended continuous monitoring of organizations that access the NID server and regular checks for vulnerabilities and weaknesses. However, it appears that these recommendations have not been fully put into practice.
Many citizens, like Mr. Jahangir Alam, are deeply worried about the recent data breach, as it poses a significant threat to their personal safety and privacy.

The data breach affecting smart NID holders in Bangladesh is a serious violation of privacy and data security. It highlights the urgent need for strong measures to protect sensitive personal information and a thorough review of security practices surrounding the NID server. Immediate actions must be taken to contain the breach, identify those responsible, and prevent similar incidents from happening in the future. Safeguarding the security and privacy of citizens' personal data is crucial in the digital age.