Last year, the personal data of people registered with the country’s Smart National Identity Card (NID) system was reportedly available on some Telegram channels, where it was being bought and sold.

Recently, a group with ulterior motives has emerged, engaging in the illegal trade of customer data. This group has tried to increase the visibility of such data trading by linking it with the names of reputable mobile banking institutions.

Reports suggest that what started as the abuse of Telegram bots has become a more complex operation, with the culprits creating a dedicated website along with Telegram channels to facilitate this unlawful trade. Moreover, these people are actively advertising their activities on social media platforms, falsely claiming to have customer information from reputable Mobile Financial Services (MFS), aiming to trick customers through various means.

The method involves spreading specific links through Telegram channels, which allegedly allow access to personal details by entering NID numbers and birthdates. Despite doubts about the validity of these claims, given the lack of verification mechanisms, the alleged data breaches have caused concern among the public, already cautious from previous incidents involving the national ID card database.

ICT experts emphasize the vulnerability of the population to misinformation regarding new leaks, amidst contradictory statements and opportunities for fraudulent activities. While opening an account in any financial institution requires national ID information and a photo, the supposedly leaked information on digital platforms is considered non-usable for fraudulent purposes within Bangladesh.

The national ID database, containing personal information for about 120 million citizens, remains a prime target for cybercriminals. IT expert Tanvir Hassan Zoha warns that people involved in selling or buying such information could face legal consequences under the watchful oversight of law enforcement agencies. Interestingly, there’s little profit in buying such information in Bangladesh.

A major data breach last July exposed sensitive information through the website of the Office of the Registrar General, Birth, and Death Registration, searchable via Google. Later leaks involving smart card data have seen such information circulated as belonging to customers of mobile banking institutions and banks. However, verification efforts have revealed inconsistencies, with different information available in different groups.

This spread of customer information on digital platforms has created discomfort and fear among citizens, potentially damaging trust in financial institutions and creating a climate of insecurity. While mobile banking entities are yet to issue official statements, they have reportedly informed law enforcement agencies about these breaches.

A senior official from a leading mobile banking institution highlighted the challenges in fighting digital platform propaganda related to data breaches, stressing their quick communication with law enforcement upon becoming aware of recent incidents.

Md Hassan Shahriar Fahim, managing director of Octagram Limited specializing in cybersecurity, highlights the risks to people tempted into buying such data. Collaborative analysis with law enforcement has revealed that information thieves also keep data on buyers, exposing them to potential hacking, blackmail, and other complications. Victims often find themselves in a tough position when seeking legal help, unable to reveal the circumstances of their online harassment.