Pakistan suffers data breach with copies of national ID, sensitive data on sale

A major data breach in Pakistan has reportedly exposed the personal information of thousands of individuals, including federal ministers and senior government officials.

The Express News reports the compromised data is being sold online and includes the addresses of mobile SIM owners, call logs, copies of national identity cards and international travel records.

The leak spans multiple tiers of government, affecting figures from the Pakistan Telecommunication Authority (PTA) to cabinet-level officials.

Authorities such as the PTA and the National Cyber Crime Investigation Agency (NCCIA) have offered little public response, even after claiming that offending websites had been taken down, as enforcement efforts attract criticism.

Dozens of online platforms are selling sensitive data cheaply, according to the report (via The Express Tribune). This includes mobile location data for 500 Pakistani rupees ($1.76), detailed call records for PKR 2,000 ($7), and travel histories for PKR 5,000 ($17.55). Intelligence sources warn that such data could be weaponized by malicious actors to target individuals with minimal effort or cost.

Pakistan’s Interior Minister Mohsin Naqvi has ordered the NCCIA to conduct a comprehensive investigation. A 14-member task force has been formed to identify those behind the breach and pursue legal action. The panel is expected to deliver its findings within two weeks.

The data breach comes as a new corruption scandal envelopes Pakistan’s biometric safety net program. An audit of the Benazir Income Support Program (BISP) — a social protection scheme that pays cash benefits to nearly a quarter of the country’s citizens — found more than 300 officials have been implicated in corruption.

Pakistan’s Auditor General discovered 324 officials at varying levels of the program’s management chain siphoned more than 37 million Pakistani rupees (nearly $130,000). The media reports indicate that BISP funds are stolen through various fraudulent means including fake or opaque biometric verification processes.

The Express Tribunes mentions that some of the fraud includes paying cash benefits to fake accounts such as those of dead persons. This latest scandal follows another one in March where an audit report covering the 2023-2024 period flagged financial impropriety.

A World Bank evaluation report highlighted the successes and challenges of the BIST last year, stating that the biometrics-based cash support payment system has substantially contributed to the reduction of poverty in Pakistan.

Article Topics

cybersecurity  |  digital identity  |  identity management  |  national ID  |  Pakistan