State minister for information and communication technology (ICT), Junaid Ahmed Palak has said they could not find out as to how much personal data has been leaked from the website of the Office of the Registrar General, Birth & Death Registration.
The investigation committee also could not find out it, he said adding no punishable measures will be taken in connection with the incident.
The state minister made this disclosure after a review meeting at the ICT Division in the capital’s Agargaon on Monday.
The Digital Security Agency organised the meeting with 29 important information infrastructure on the investigation report submitted by the probe committee formed over the leakage of personal information of ‘millions of people’.
State minister for ICT Junaid Ahmed presided over the meeting.
US-based online news portal TechCrunch said in a report on 7 July that information of millions was leaked through the website of a government organisation in Bangladesh.
The TechCrunch report said South Africa-based international cyber security agency Bit Crack Cyber Security’s researcher Viktor Markopoulos first noticed the incident.
The report claimed information of around 5 million people was leaked.
Asked about this, Junaid Ahmed said, “We are yet to be confirmed about the amount of the information that has been leaked. The website had architectural flaws and there was no logbook.”
“It is not acceptable that personal information of 5 million people was open to all. However, we cannot deny the claim either,” he added.
A representative of the Office of the Registrar General, Birth & Death Registration said in the meeting that it is not possible to confirm the magnitude of the data leakage. However, the state minister for ICT said this information was not available on the dark web so far. There is no such evidence that suggests somebody has hacked this information.
There was no recommendation for any punitive measure in the probe report.
Asked whether such a decision will create a culture of impunity or not, Junaid Ahmed said, “I don’t think so. We have stressed on doing duties properly. We have sent the report to the prime minister. Besides, the recommendations will be forwarded to the secretaries and ministers of the concerned ministries."
In response to another question the state minister for ICT said, “The ICT Division will not file any case over the incident. The concerned agency or police can take suo motu actions in this regard. There is no mention of this in the recommendations either.”
Junaid Ahmed said, “We did not want to blame people of concerned agency for this. They have been given the chance of self-defence. We were saved from a massive disaster this time. There is no assurance that these sorts of incidents won’t occur in future. The 29 important information infrastructure have been advised to follow the guideline of the Digital Security Agency.”
He further said that these incidents are recurring as the 29 important information infrastructure are not abiding by the recommendations and guidelines.
The state minister for ICT said, “Every ministry should have a CIRT and SOC teams. There should be a separate allocation for this. Otherwise, a big disaster awaits us. We will try holding these meetings with concerned ministers.”
“We have identified three vulnerable important information infrastructure. We have fixed the problems with two of these websites,” Junaid Ahmed said. However, he didn’t name those.
South Africa-based international cyber security agency Bit Crack Cyber Security’s researcher Viktor Markopoulos first noticed the incident. He said he had emailed the BGD e-GOV CIRT of the ICT Division in this regard.
The state minister, earlier, claimed that they did not receive any such mail. However, Junaid Ahmed, after the review meeting on Monday said, “Yes, Viktor did send us an email, but it was unattended.”
He further said, “There were gaps in terms of maintaining contact through emails. From now on, every ministry will thoroughly check all mails, including spams and all the categories. We have sent our gratitude to Viktor.”
Among the recommendations made by the investigation committees are - fixing all the flaws of the concerned websites, making verification of software from the Software Quality Testing and Certification Centre mandatory, increasing efficient manpower and following the directives of the Digital Security Agency.