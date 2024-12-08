One of the police databases affected by the recent leaks is the Crime Data Management System (CDMS), which holds at least 50 types of information, covering every aspect of a case from start to finish.

Case investigation officers, who are outside the CDMS control branch of the police headquarters, can access this data using specific IDs and passwords. Each ID provides details about the cases handled by the investigation officer.

A volunteer group specialising in cybersecurity showed this reporter that over 2,000 police CDMS login URLs, BP IDs or usernames, and passwords have been leaked in the past six to eight months.

This type of information leakage is referred to as ‘credential compromise.’ In total, 31,415 different types of data, including CDMS information and other police crime-related information, have been exposed.

These police database details are being advertised for sale across several Telegram channels. When contacted on one of these channels on November 24, the individuals claimed they could retrieve details about specific cases for a small fee. They also provided samples of information as evidence of their ability to access such data.

Before the fall of the Awami League government in July, the personal information of police officers was leaked. This breach exposed data on at least 108,416 police members, including identification or BP numbers, current ranks, places of work, dates of joining, mobile and government phone numbers, names of parents and spouses, national identity card numbers, birth dates, addresses, height, weight, and special identification marks.

Several officers were contacted to verify the authenticity of the leaked information. They confirmed that the details were indeed theirs and expressed concern over the exposure. One officer, contacted by Prothom Alo, stated that he was now retired.

The leak is believed to have originated from the police’s Personal Information Management System (PIMS). When contacted for an official statement, the police department did not respond.

However, an anonymous official told Prothom Alo that such breaches were often due to user-level negligence. The official emphasised that the police’s main database remains highly secure, and whenever leaked ID information is detected, it is promptly blocked to prevent further misuse.