The Bangladeshi government on Sunday took down citizens’ sensitive data that it had left exposed online.
On Friday, TechCrunch reported that a website belonging to the government of Bangladesh was leaking the personal information of the country’s citizens, including full names, phone numbers, email addresses and national ID numbers.
At the time, we didn’t disclose which website in particular was leaking because the data was still accessible. We can now report that the issue was with the Office of the Registrar General, Birth & Death Registration website.
Bangladeshi’s e-Government Computer Incident Response Team (CIRT) said the data has now been taken down.
Viktor Markopoulos, a researcher who works for Bitcrack Cyber Security, found the data at the end of June, and then alerted CIRT. According to his estimate, the website leaked data on around 50 million Bangladeshi citizens.
Last week, we also reached out to CIRT, as well as the Bangladesh government’s press office, its embassy in Washington, D.C. and its consulate in New York City. None responded to our request for comment last week, and did not immediately respond to follow-up requests for this story.
In a press release on Saturday, CIRT said that it “promptly” addressed the data breach, and “demonstrated its professionalism and expertise by swiftly initiating a thorough investigation into the matter, leaving no stone unturned in pursuit of understanding the extent and impact of the data breach.”
Bangladesh’s State Minister for Information and Communication Technology Zunaid Ahmed Palak said that “no government website has been hacked. Citizens’ information was exposed due to the vulnerability of the website,” according to the Business Standard, a local newspaper.
Bangladesh’s Home Minister Asaduzzaman Khan Kamal reportedly said that law enforcement agencies are investigating the incident.
Do you have information about similar leaks or data breaches? We’d love to hear from you. From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Wickr, Telegram and Wire @lorenzofb, or email firstname.lastname@example.org. You can also contact TechCrunch via SecureDrop.