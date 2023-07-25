



Probe report said the personal information of citizens was leaked from the website of Registrar General's Office of Registration of Births and Deaths due to technical weakness in the web application. Besides, the officials were grossly negligent in the report, their punishment was not recommended.



ICT State Minister Zunaid Ahmed Palak gave this information at a review meeting organised on the investigation report at ICT Tower in Agargaon of the capital on Monday.





Besides, Palak pointed out that even though the officials were grossly negligent in the report, their punishment not recommended.



Palak said that the relevant ministry will decide whether the culprits will be punished or acquitted.



However, Palak further claims that the information leak of citizens is not a hack. Rather, it was due to technical error. Even he was not sure about how much citizen's information was leaked.



Palak further said, "We have yet to find evidence that cybercriminals have taken any information".



Palak also said that the ICT division will submit the investigation report to Prime Minister Sheikh Hasina on Monday.



According to the ICT division, the technical weakness of the web application of the concerned organisation has been considered as the main reason for the data leakage. Investigation reviews and findings with concerned authorities and their technical teams revealed that their web applications lacked proper monitoring due to shortage of manpower with adequate technical knowledge.



Some suggestions for the concerned organisations have also been given in the investigation report.



These include- obtaining a full Vulnerability Assessment and Penetration Test (VAPT) report of the web application and taking necessary steps to resolve the errors, testing the software architecture of the existing web application by Bangladesh Computer Council (BCC) Software Quality Testing and Certification Center (SQTC) and BNDA members of BCC.



Besides, increasing the number of members of the technical team, increasing the overall technical capacity, ensuring cyber security by forming Cert, Sock and Knock as per the instructions of Digital Security Agency (DSA) as Critical Information Infrastructure (CII) and reporting to the Digital Security Agency following CII guidelines if there are signs of any kind of cyber security disruption.



Earlier, on June 27, a researcher named Victor Markopoulos of Bitcrack Cyber Security, an international cyber security organisation based in South Africa, reported the information leak of millions of Bangladeshi citizens.



He said that suddenly he saw the leaked information. Within moments, he contacted the Bangladesh Government's Computer Incident Response Team (BGD e-Gov CIRT).



After that an online media based on information technology in the United States, named TechCrunch, verified the authenticity. According to the company, the test was conducted using the query section of a 'public search tool' on the respective website. It also found other information contained in the leaked database.



Following the incident of information leak created a commotion in the country, the government also took the issue seriously and set up investigation committee to find out the reason behind it. In addition, the government's ICT division has already started working to keep personal information more secure.



Earlier, on last Saturday at a city hotel, Palak told reporters that the detailed analysis of the investigation report will be disclosed to public. Determining who is actually responsible.



Earlier, on July 9, at an award ceremony organised at the Bangladesh Computer Council Auditorium in Agargaon, State Minister Palak said that there has been an incident of information leakage from the website of the Registrar General's Office of Registration of Births and Deaths.



In response to questions from reporters on that day, Palak also said that the 27th institution from the list of 29 institutions that were declared as critical information infrastructure is in this situation.



Meanwhile Bangladesh Government law reads, illegal access to critical information infrastructure can be punished with imprisonment of 7 years or a maximum fine of Tk 25 lakh or both. Illegally entering and causing damage or attempting to damage shall be punishable with imprisonment for 14 years or a maximum fine of Tk 1 crore or both.



