THE leak of sensitive personal information of millions of citizens on the internet from the web site of a government organisation, as identified and reported by a foreign cyber-security firm, is a sign of weak e-governance system. A researcher of Bitcrack Cyber Security in South Africa on June 27 found a suspected data leak from the Office of the Registrar General, Birth and Death Registration, and contacted the Bangladesh e-Government Computer Incident Response Team, but received no response. The leaked data include birth dates and national identification numbers, two key pieces of information that would allow anyone to extract other personal details such as names, addresses and more. The CERT team on July 8 issued a statement confirming the breach, noting that a verification of the extent was under way. The minister of state for telecommunication and information technology has said that the leak occurred because of technical weaknesses of the government site. A week’s time to identify and confirm a data breach of this scale speaks volumes of the government’s failure as keeper of personal data of citizens.

It is, however, not the first incident of a data breach or cyberattack in recent months. Hackers in March held 100TB of Bangladesh Biman data to a ransom of $5 million. A significant volume of information on finances, human resources, training and satellite communications was released since the government was unable to retrieve the data in time. In December 2022, Rajdhani Unnayan Kartripakkah lost about 30,000 documents of clients’ application for approval of building plans in May 2019–December 6, 2022. In October 2022, the government announced 29 agencies and institutions as ‘critical information infrastructure’, officially declaring an illegal access to information a punishable offence under the Digital Security Act. Some agencies that have been identified as vulnerable to cyberattacks are included in the list of critical information infrastructure. The government has recently proposed a personal data protection law, but as Transparency International Bangladesh says, it seeks to protect government interests, not the citizens’. The government appears to have taken steps to restrict public access to information but has failed to secure citizens’ data in publicly funded IT infrastructure. This is unacceptable that the government lags behind in capacity-building measures, skilled human resources and a regulatory environment to prevent cybercrimes.

It is high time that the government recognised the importance of its maintaining a sovereign control of its cyberspace. The government must, therefore, abandon its undemocratic and repressive approach to digital governance and take early steps to improve its capacity to protect its IT infrastructure from data breaches. It must also immediately investigate the leak of sensitive personal information of citizens on the internet from the government web site.