Five institutions leaked NID data to 3rd parties: EC

Election Commission (EC) Secretary Akhtar Ahmed revealed on Monday (February 10) that five institutions, including the Directorate General of Health Services (DGHS), have leaked National Identity Card (NID) data to unauthorised third parties. 

The EC discovered evidence of this breach during an initial investigation and has taken action against the accused organisations.

The five institutions implicated in the data leak are: the Directorate General of Health Services (DGHS), United Commercial Bank's MFS service Upay, Chittagong Port Authority, the Directorate of Women’s Affairs, and the Ministry of Finance's iBAS.

Akhtar Ahmed disclosed this information after a meeting held at Election Bhaban in Agargaon, where representatives from institutions utilising NID verification services gathered for discussions. 

"These institutions have been formally booked," he said, adding that investigations are ongoing to determine whether the leaks occurred due to negligence or deliberate intent. If found intentional, those responsible face legal consequences.

Currently, 182 institutions receive NID verification services through the EC’s sub-division. 

However, concerns persist regarding excessive or unrestricted use of sensitive data. 

Akhtar Ahmed stressed the importance of setting clear limits on data usage, likening unchecked access to leaving valuables unprotected: "If you leave something open, you cannot blame the thief."

He further explained that some organisations exceed their authorised data usage by obtaining NID verification services indirectly through other entities, violating the terms of the agreement. 

To address this issue, the EC plans to review how much data each organization requires and whether they are accessing more than necessary.