Urgent call for stronger server security

In the digital world, data leaks have become a major concern. The situation in Bangladesh is even more alarming, as there is limited attention to data protection, and cyber security is extremely weak. Recently, sensitive data from various government agencies has been leaked on the internet. This includes personal information of more than 100,000 police officers. Additionally, access credentials and secret passwords for a police data repository have also been exposed. We believe such incidents undermine national security, which is a warning sign for the country’s information technology sector.

On Sunday (8 December), news reports revealed that among the institutions affected by data leaks are government service agencies, several banks and financial institutions, transport-related government agencies, a few regulatory bodies, and educational institutions. Most of the leaked data consists of "login data," which includes URLs, IDs, and passwords for accessing government agency databases. The total number of such data items is around 700,000. With this information, anyone could potentially access the relevant databases (if they remain operational). Additionally, the leaked data includes personal information of individuals.

The leakage of such information creates risks for various types of crimes. Identity theft and financial crimes through identity fraud are occurring globally, and these types of crimes are on the rise in Bangladesh as well. There have even been instances where loans have been taken out in an individual's name without their knowledge.

The personal information of police officers was leaked before the fall of the Awami League government, in July. The leaked data revealed details of at least 108,416 police personnel, including their identification (BP) number, current rank, workplace and joining date, mobile phone number, government phone number, names of parents and spouses, national ID number, date of birth, current and local addresses, height, weight, and distinguishing marks. Multiple police officers have confirmed the leak and expressed concern over the matter.

The leak of such a large number of login and admin panel details poses multiple risks. With admin panel data, one can access all the information stored in the database. Government data has been leaked several times before. In July 2023, personal information of several lakh citizens was leaked from Bangladesh's government websites, including names, phone numbers, email addresses, and national ID numbers. This breach was primarily due to weak cyber security and the negligence of maintenance personnel. Technical flaws were also a contributing factor.

In the past six months, more than 200,000 pieces of information from various educational institutions have been leaked. The names of these institutions can be easily found by reviewing the leaked data. Among this, 2,268 login details for admin panels were leaked. A volunteer group working on cyber security has stated that due to vulnerabilities, it is possible to access the databases of several educational boards in the country. IT experts also mention that while private companies and banks have implemented strict cyber security measures, government institutions still lack sufficient protection in this regard. Over time, the security of these institutions' websites and databases has not been updated. Moreover, the negligence or indifference of the people working in this field has contributed to these breaches. As a result, these institutions become easy targets for cyber attacks.

Data leaks pose a threat not only to individuals but also to the state. Government officials are directly associated with the state, and the leakage of their personal information essentially puts the state at risk. This should have been a concern long ago. The recent incident should, of course, prompt the Bangladesh government to take immediate action, focusing more on strengthening cyber security. To achieve this, specialized agencies must be assigned to ensure regular monitoring and bolster technological defenses.