The Election Commission's (EC) National Identity Registration Wing has decided to keep 171 service partners that verify information from its server under strict monitoring.
The decision was taken following the suggestions that came from a meeting organized with the technicians of the best institutions in Bangladesh on Thursday.
The Election Commission's NID wing Director General AKM Humayun Kabir said: “I sat with various universities and technical persons. I have taken their opinion and advice. We will talk to the 171 partners to implement them. Then I will sit with more people.”
Mentioning that the advice of periodic audit has arrived, the official said: “We have to increase the physical and technical security.”
When asked if there are any kind of loopholes, AKM Humayun Kabir said they did not find anything of that sort yet.
“But we need to strengthen our system more. In order for us to conduct periodic audits, the technical committee may sit down from time to time to see if there are any threats. And they gave us suggestions on how to monitor our partners,” he added.
The NID wing's director general said he never used the word “hack”, rather he said there was “some leakage.”
If the server was hacked, then data would have been lost, he added.
The official also said that they have kept a mirror backup of the data in the ICT Division and Bangladesh Computer Council (BCC).
In response to another question, the NID Division director general said: "Our server is not weak, everyone admitted it. NID numbers can also be sought by banks, it is not a secret. It's not something you can't get.”
Researcher Viktor Markopoulos from Bitcrack Cyber Security accidentally discovered the leak on June 27 and promptly informed the Bangladeshi e-Government Computer Incident Response Team (CIRT), TechCrunch, an online portal focusing on high tech, reported.
Markopoulos revealed that the leaked data comprises the details of millions of Bangladeshi citizens. Shockingly, anyone can visit the website and find citizens' names, dates of birth, and NID numbers by simply conducting a Google search.
TechCrunch conducted its investigation to validate the authenticity of the leaked data. However, the outlet refrained from disclosing the name of the specific website as the data is still accessible online, as confirmed by Markopoulos.
