Bangladesh Election Commission Data Breach Exposes Personal Data of 14,000 Journalists
A major security failure in Bangladesh’s Election Commission (EC) has exposed the personal data of at least 14,000 journalists, raising serious concerns over privacy and institutional accountability. The breach occurred in the EC’s newly launched online accreditation system, which was introduced to streamline journalist verification for election coverage.
For several hours, sensitive information including photographs, signatures, national ID details, office identity cards, and media records was left publicly accessible due to basic security oversights. The incident, described as a "grave violation of privacy" by digital rights group ARTICLE 19, undermines protections guaranteed under national and international law.
The exposure poses severe risks to journalists, particularly in an environment where press freedom is already under threat. Compromised data could enable harassment, surveillance, or physical harm, further endangering those covering elections. ARTICLE 19 criticized the EC for institutional negligence, citing a lack of adequate security testing and accountability in handling sensitive information.
Beyond immediate safety concerns, the breach erodes public trust in digital governance and damages the credibility of institutions responsible for safeguarding democratic processes. ARTICLE 19 has called for an independent investigation into the incident, including whether the data was copied or misused, and demands accountability for responsible officials.
The organization also stressed the need for stronger data protection measures such as encryption, access controls, and mandatory security audits before deploying any digital system. Without legal safeguards and independent oversight, both journalists and citizens remain vulnerable to future breaches. The incident underscores the urgent need for reforms to protect privacy and uphold press freedom in Bangladesh.
Source: https://www.article19.org/resources/bangladesh-data-breach-a-threat-to-journalist-safety/
Bangladesh Election Commission cybersecurity rating report: https://www.rankiteo.com/company/bangladesh-election-commission
"id": "BAN1770200040",
"linkid": "bangladesh-election-commission",
"type": "Breach",
"date": "2/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '14,000 journalists',
'industry': 'Public Sector',
'location': 'Bangladesh',
'name': 'Bangladesh Election Commission',
'type': 'Government'}],
'attack_vector': 'Security Oversight',
'data_breach': {'data_encryption': 'No',
'number_of_records_exposed': '14,000',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Photographs',
'Signatures',
'National ID details',
'Office identity cards',
'Media records']},
'description': 'A major security failure in Bangladesh’s Election Commission '
'(EC) has exposed the personal data of at least 14,000 '
'journalists, raising serious concerns over privacy and '
'institutional accountability. The breach occurred in the EC’s '
'newly launched online accreditation system, which was '
'introduced to streamline journalist verification for election '
'coverage. For several hours, sensitive information including '
'photographs, signatures, national ID details, office identity '
'cards, and media records was left publicly accessible due to '
'basic security oversights.',
'impact': {'brand_reputation_impact': 'Damages credibility of institutions '
'responsible for safeguarding '
'democratic processes',
'data_compromised': 'Photographs, signatures, national ID details, '
'office identity cards, media records',
'identity_theft_risk': 'High',
'operational_impact': 'Erosion of public trust in digital '
'governance',
'systems_affected': 'Online accreditation system'},
'investigation_status': 'Called for independent investigation',
'lessons_learned': 'The incident underscores the need for stronger data '
'protection measures such as encryption, access controls, '
'and mandatory security audits before deploying any '
'digital system.',
'post_incident_analysis': {'corrective_actions': 'Independent investigation, '
'implementation of '
'encryption, access '
'controls, and security '
'audits',
'root_causes': 'Lack of adequate security testing, '
'institutional negligence, and '
'absence of encryption/access '
'controls'},
'recommendations': ['Implement encryption for sensitive data',
'Enforce strict access controls',
'Conduct mandatory security audits before system '
'deployment',
'Establish independent oversight for data protection'],
'references': [{'source': 'ARTICLE 19'}],
'regulatory_compliance': {'regulations_violated': ['National and '
'international privacy '
'laws']},
'stakeholder_advisories': 'ARTICLE 19 has called for accountability for '
'responsible officials and stronger data protection '
'measures.',
'title': 'Bangladesh Election Commission Data Breach Exposes Personal Data of '
'14,000 Journalists',
'type': 'Data Breach',
'vulnerability_exploited': 'Lack of access controls and encryption'}