The National Telecommunication Monitoring Centre (NTMC) in Bangladesh is under scrutiny following a report by WIRED, revealing a significant exposure of personal data on the open web. The leaked information, as detailed by the American technology magazine, encompasses a wide range of personal details, including names, professions, blood groups, parents’ names, phone numbers, call durations, vehicle registrations, passport details, and even fingerprint photos.
Despite the director general of NTMC, Major General Ziaul Ahsan, dismissing claims of a data leak as “totally incorrect” and attributing it to sample data collected for research and development, WIRED’s investigation suggests that the NTMC had been publishing personal information through an “unsecured” database linked to its systems for several months. Anonymous hackers reportedly attacked the exposed database, erasing details and claiming to have stolen a trove of information.
WIRED’s report indicates that this incident is not a typical database leak, with the NTMC’s unintentional disclosure shedding light on the secretive world of signals intelligence and the interception of communications. Security researcher Viktor Markopoulos from CloudDefense.AI, who discovered the unsecured database, emphasizes the unusual nature of such an occurrence within an intelligence service, even if the data involved are test samples.
While WIRED verified a sample of real-world names, phone numbers, email addresses, locations, and exam results included in the exposed data, the exact nature and purpose of the amassed information remain unclear, with some entries appearing to be test data, incorrect, or partial records. The majority of the exposed data is metadata, revealing the “who, what, how, and when” of communications, although phone call audio was not exposed. This incident raises significant privacy concerns and highlights the potential implications of unintentional data disclosures in the realm of signals intelligence.