Bangladesh Government’s e-Government Computer Incident Response Team (BGD e-GOV CIRT) said that it “promptly” addressed the data breach
The government on Sunday (9 July) took down the sensitive data of over 5 crore Bangladeshi citizens’ that had been exposed online, said Bangladesh Government’s e-Government Computer Incident Response Team (BGD e-GOV CIRT), reports US-based online news outlet TechCrunch.
The exposed data includes personal information such as citizens’ full names, phone numbers, email addresses and National Identification (NID) numbers.
CIRT in a recent press release said that it “promptly” addressed the data breach, and “demonstrated its professionalism and expertise by swiftly initiating a thorough investigation into the matter, leaving no stone unturned in pursuit of understanding the extent and impact of the data breach.”
According to a report published by TechCrunch, Viktor Markopoulos, a researcher working in Bitcrack Cyber Security, accidentally discovered the leak on 27 June.
Mentioning that the leak includes the personal data of more than 50 million Bangladeshi citizens, Viktor said he informed the Bangladesh e-Government Computer Incident Response Team (CIRT) about the data breach.
TechCrunch verified the legitimacy of the leaked data by using a public search tool on the affected government website.
They conducted the search using a portion of leaked data several times, and in all instances, the website confirmed the data of Bangladeshi citizens.
BGD e-GOV CIRT requested to take the following measures to ensure security as well as data protection:
- Enhance capability to combat growing cyber threats.
- Ensure vital services such as DNS, NTP as well as network middleboxes are securely configured and are not exposed on the internet.
- Ensure proper Information and Cyber Security awareness training among all the employees, customers, and consumers to report issues, if they observe any anomalies and/ or suspicious activities.
- Ensure strict network and user activity monitoring 24/7
- Conduct Vulnerability Assessment and Penetration Testing (VAPT) for all the systems on a regular basis.
- Configure and harden web applications as per OWASP guidelines https://onwasp.onrg/www-pronject-web-security-testing-guide/v41/)
- Report or inform BGD e-GOV CIRT regarding the detection of IOCs and/ or any suspicious activities observed within the environment, to work in collaboration through https://www.cirt.gov.bd/incident-reporting/ or cti@cirt.gov.bd
