Data leak due to technical flaws, can't avoid liability: Zunaid Ahmed
State minister for information and technology Zunaid Ahmed has said the leakage of information of ‘millions’ of people from a government website happened due to technical weakness. Nobody hacked the website.
He said, “The website was weak in terms of security. We have seen that there were technical flaws. As a result the information became open to people. We have no way to avoid the liability.”
The state minister said this at the inaugural ceremony of the Bangabandhu International Cyber Security Awareness Programme at the BCC auditorium of the ICT Tower in the capital’s Agargaon on Sunday. Junaid Ahmed was the chief guest of the programme organised by the Bangladesh High-Tech Park Authority.
Speaking regarding the information leak, he said the information on that website became open to all due to its own security-related weakness. However, he didn’t name the website.
US-based online news portal TechCrunch said in a report on 7 July that information of millions was leaked through the website of a government organisation in Bangladesh. However, the report didn’t reveal the name of the website due to security reasons.
The BGD e-GOV CIRT, a project of the Bangladesh Computer Council (BCC) on cyber security, said in a press release on Saturday night that after noticing the report on leakage of information of ‘millions’ of people from a government website on an international news portal a CIRT team started working on this. Initiative was taken to look into the matter thoroughly. The CIRT team worked extensively about the probable impact and depth of the information leak.
Personal information means information that reveals a person’s identity including name, address, birth certificate, mobile number, passport number and biometric information. Leakage of this information creates the risk of being victims of fraudulent activities and crimes.
The TechCrunch report said South Africa-based international cyber security agency Bitcrack Cyber Security’s researcher Viktor Markopoulos first noticed the incident.
The TechCrunch claimed that they tried to inform the BGD e-GOV CIRT, government press office, the Bangladesh Consulate in New York and the Bangladesh Embassy in Washington DC about the information leak. However, there was no response.
Junaid Ahmed said, “We didn’t got any mail from TechCrunch. I have spoken to the officials over this.”
The state minister also shed light on the vulnerability of the government agencies in terms of cyber security. He said some 29 organisations were declared ‘important information infrastructure’ under the Digital Security Act. Emails are sent to them, but they don’t respond unfortunately. They don’t follow the rules.
Junaid Ahmed further said, “We used to stress on cost saving in the case of cyber security. Now it is understood that information is the new currency. We have to curb costs and at the same time ensure data security.”
Stressing on raising public awareness, increasing technological competence and competent manpower and implementation of the law and directives in this regard, Junaid Ahmed said, “Each of the 29 important information infrastructures should have a separate cyber-security team.”
Later, the state minister told the newspersons, “No one can claim that they are 100 per cent secured, but we must have the preparation. We didn’t have even minimum preparation in this incident. And no one can avoid this liability.”
“We could have said something if we were prepared. However, we cannot avoid the liability if the preparation is not enough.”
ICT secretary Md Shamsul Arefin, Digital Security Agency director general Abu Sayeed Mohammad Kamruzzaman, High-Tech Park authority’s managing director Rezaul Karim and others were present at the programme.