Bangladesh is grappling with a significant digital security breach after the personal information of journalists became publicly accessible during the country’s 13th national parliamentary elections. At least 14,000 journalists had their sensitive data exposed for approximately two hours due to vulnerabilities in the Election Commission’s (EC) online application system.
The leaked information included personal photographs, signatures, National ID (NID) numbers, office identification cards, and lists of media organisations approved by the EC. The incident has raised serious concerns over data protection practices in state-run digital platforms.
Tanvir Hasan Zoha, an international criminal prosecutor and information security expert, described the breach as “a direct consequence of institutional negligence.” Speaking to Prothom Alo, he remarked, “How can a constitutionally established body operate a system without basic data protection, access controls, or fundamental security checks? The most pressing question remains whether any third parties accessed this sensitive information.”
He further warned, “Even those who advocate digital security and privacy often store their most sensitive data in the most vulnerable manner.”
The breach occurred during the EC’s first mandatory online application process, which allowed journalists to collect election cards and vehicle stickers via pr.ecs.gov.bd. Following widespread concern among media professionals, the EC withdrew the online requirement on Thursday and reverted to manual card distribution. However, the security flaws had already become evident. On Saturday at approximately 4:00 pm, anyone entering the system via the “admin” URL could view full application forms, including names, mobile numbers, and NID details. Although the vulnerability was patched by evening, the damage had already been done.
Senior Secretary of the EC Secretariat, Akhtar Ahmed, confirmed, “Some calls were received in the afternoon, and we are still investigating how the breach occurred. A detailed internal review will follow.”
Experts emphasise that state-run digital platforms must undergo rigorous security testing before launch, with safeguards for sensitive information. BM Mainul Hossain, Director of the Institute of Information Technology at the University of Dhaka, observed, “Trust is the foundation of any digital system. When institutions fail to establish that trust, public confidence in digital governance erodes, putting the entire digital transformation at risk.”
Summary of Journalist Data Breach:
| Category | Type of Data | Scope / Impact |
|---|---|---|
| Photographs & Signatures | Personal photos, signatures | Exposed for 14,000 journalists |
| National ID | NID numbers | Data of 14,000 individuals leaked |
| Office & Media Information | Office ID, approved media lists | Included affiliated media organisations |
| Online System | Initial application process | pr.ecs.gov.bd – severe security flaw |
| Exposure Duration | Time accessible | Approximately 2 hours |
The breach underscores the vulnerabilities in Bangladesh’s digital security infrastructure and highlights the urgent need for enhanced measures to safeguard both journalists’ and voters’ personal data.