Bangladesh National Telecommunication Monitoring Centre reports data theft using police credentials

The National Telecommunication Monitoring Centre (NTMC) in Bangladesh is reporting a data breach involving sensitive public data using the user IDs of two police officers. The officers implicated are Farhana Yesmin, a police superintendent at the Anti-Terrorism Unit (ATU), and Tareq Aman Banna, an assistant superintendent of police at Rapid Action Battalion-6 (RAB-6).

The breach involved data theft and unauthorized transfer of national identities, mobile call data records, and other sensitive information via the social media platform Telegram, reportedly in exchange for money.

The unauthorized access was detected in the NTMC system logs at 8:57 PM and 9:27 PM on April 25, 2024. The investigation concluded excessive data collection using the implicated user IDs between March 25 and April 25, 2024.

The NTMC has suspended access for all user IDs associated with the ATU and RAB-6 pending further investigation and has requested the Ministry of Home Affairs to conduct a full investigation and take appropriate action against those responsible.

Farhana Yesmin stated that someone else used her ID to leak the data and that the individual responsible has been sacked. Tareq Aman Banna claimed to be unaware of the allegations, noting he is currently on leave.

The breach raises questions about the integrity and capability of the government’s infrastructure for protecting sensitive information. Transparency International Bangladesh (TIB) expressed deep concern over the breach and called for the swift enactment of the Personal Data Protection Act, 2024.