FB pixel

Alleged massive NADRA breach does not include biometrics; evidence pending

Alleged massive NADRA breach does not include biometrics; evidence pending

A joint investigation team told Pakistan’s Interior Ministry this week that a breach from NADRA’s national identity database has been confirmed, Geo News reports. The announcement is the latest twist in a saga in which accusations and denials have been far more plentiful than presentations of evidence.

As many as 2.7 million people’s records are involved, according to investigators.

The joint investigation team was headed by an official from the Federal Investigation Agency (FIA). It says that data was stolen from servers in Multan, Karachi and Peshawar. The team recommended that legal action be taken against NADRA senior officials responsible at the time. The breach took place between 2019 and 2023, according to Geo. The Deccan Chronicle reports that an upgrade of NADRA’s technology is also recommended.

Usman Mobin served as chairman of NADRA from 2015 to 2021, and Tariq Malik served as chairman from June of 2021 to June of 2023. They are the only civilian heads of NADRA in the agency’s history. The agency is now chaired by Lieutenant General Muhammad Munir Afsar.

The report also contains sensational allegations of the data being traced to Argentina and Romania via Dubai.

A source familiar with the security incident who declined to be named tells Biometric Update that no biometric data was breached in the attack. The source confirmed that text data such as names, mobile numbers and addresses of NADRA-holders was breached.

The source said the breach was the result of a supply chain attack involving a PTCL router deployed to a NADRA facility in Multan, Punjab. The breach also began earlier than investigators claim, in 2016, according to the anonymous source.

Biometric Update is unable to confirm either the details provided by the FIA-led investigation or the anonymous source.

Perhaps most curious is uncertainty about whether the breach is new information. An FIA official told a parliamentary panel that a NADRA biometric database was compromised in November, 2021. The accusation was denied by NADRA, and Malik said at the time that the allegations were intended to sow chaos and undermine public trust in the institution.

Malik resigned amid a polarized political environment. This occurred shortly after NADRA sacked over a hundred employees for violations of data security measures, several of whom had been found responsible for leaking personal data belonging to a senior military official and his family following four investigations ordered by Malik, Dawn reported. NADRA had also introduced several data protection measures, including a system for notifying people when their records are accessed.

By then, the story of the NADRA breach had already had a winding journey, with an initial report denied in its entirety by the FIA as “not based on facts.”

Related Posts

Article Topics

 |   |   |   |   |   | 

Latest Biometrics News


HHS removes Login.gov from grantee payment system after cyberattack

The U.S. Department of Health and Human Services has removed Login.gov from its grantee payment platform after a security breach…


City of Clemson pilots Intellicheck ID verification to prevent underage drinking

Identity verification provider Intellicheck and the city of Clemson have launched a 12 month pilot program that uses identity verification…


Rumors of liveness detection’s defeat have been greatly exaggerated

Photo and video face filters are perhaps the most mainstream use case for augmented reality –  and an illustrative test…


Companies House takes new measures to fraud fight, but not biometric IDV

Companies House, the UK’s business registry, has begun rolling out new tools to fight fraud and help cleanse the register…


Mitek: quarterlies, annuals, SEC actions

April 4, 2024 – Mitek is getting back on track with its financial reporting, which may be more reflective of the…


Jamaica parliament soon to receive draft digital ID regulation for scrutiny

Plans are being finalized to send the draft regulation on Jamaica’s digital ID program to the country’s parliament for examination…


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.


Featured Company