Personal data leak by govt. website: No scope to evade responsibility, says Palak
Speaking at the prestigious Bangabandhu International Cyber Security Awareness Award program, the State Minister of Information and Technology (ICT), Junaid Ahmed Palak, acknowledged the recent data leak by a government website and assumed full responsibility for the data breach, emphasizing the need to address the issue promptly.
The event, held at the BCC Auditorium of ICT Tower in Agargaon, was organized by the Bangladesh Hi-Tech Park Authority. Junaid Ahmed, serving as the chief guest, shed light on the data leak without explicitly mentioning the affected website. TechCrunch, a leading United States-based online media outlet specializing in information technology, reported on July 7 that the personal information of millions of individuals had been compromised through a Bangladeshi government agency's website. For security reasons, TechCrunch refrained from disclosing the website in question.
On Saturday night, the Bangladesh Computer Council's BGD e-Gov CERT project, responsible for cybersecurity issues of the country, issued a circular stating that their team had initiated an investigation following reports of the breach of personal information reaching international press outlets. The incident has sparked intense debates regarding the magnitude of the breach and its potential ramifications.
Personal information, encompassing individuals' names, addresses, birth certificates, mobile phone and passport numbers, as well as fingerprints, was compromised, exposing affected individuals to potential risks of fraud and criminal activities.
According to TechCrunch, the data leaks were discovered by Victor Markopoulos, a researcher at BitCrack Cyber Security, an international organization based in South Africa that specializes in cybersecurity. TechCrunch attempted to contact various Bangladeshi authorities, including BGD e-Gov CERT, the government's press office, the Bangladesh Embassy in Washington DC, and the Bangladeshi consulate in New York City, seeking further information about the incident but received no response.
During his speech, the state minister highlighted the security weaknesses prevalent in government agencies, revealing that 29 institutions were classified as "Critical Information Infrastructure" under the Digital Security Act in October of the previous year. Regrettably, some of these institutions fail to respond to email communication and neglect to follow security instructions.
State Minister Junaid Ahmed emphasized the growing importance of data protection, stating that while cost savings were previously prioritized in cybersecurity, it is now widely understood that data has become the new currency. He stressed the significance of raising public awareness, enhancing IT capacity, fostering skilled manpower, and implementing laws and guidelines. Furthermore, he proposed the establishment of dedicated security teams for each of the 29 critical information infrastructures.
In a subsequent interaction with reporters, Junaid Ahmed acknowledged that no organization could claim absolute safety, but stressed the need for preparedness. He criticized the lack of adequate preparation preceding the incident and emphasized that the responsibility for such losses cannot be evaded.
The ceremony saw the participation of esteemed figures, including Samsul Arefin, Secretary of the ICT department, Abu Saeed Kamruzzaman, Director General of the Digital Security Agency, Mohammad Rezaul Karim, Managing Director of the Hi-Tech Park Authority, and other notable speakers.
Comments