A high-level inquiry in Pakistan revealed that the personal details of **2.7 million individuals**, including federal ministers, senior officials, and government employees, were exposed between **2019 and 2023** due to a data breach at **NADRA**. The leaked data—sold online via multiple websites—included **SIM owner addresses, call records, national identity card copies, and overseas travel details**. Intelligence sources warned that malicious actors could exploit this data for **targeted attacks, identity theft, or unauthorized access to government portals**. Earlier, **PKCERT** had also reported a separate global leak compromising **180 million internet users' credentials**, including logins for **social media, banking, healthcare, and government platforms**. The breach poses severe risks of **account hijacking, financial fraud, and national security threats**, with authorities urging citizens to enhance security measures. Despite prior warnings from activists, agencies like **PTA and NCCIA** failed to act promptly, exacerbating the crisis.
TPRM report: https://www.rankiteo.com/company/nadra-pakistan
{
  "id": "nad2152021100225",
  "linkid": "nadra-pakistan",
  "type": "Breach",
  "date": "6/2019",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization's existence"
}
{'affected_entities': [{'customers_affected': 'millions (including federal '
'ministers, PTA employees, and '
'citizens)',
'industry': 'public administration',
'location': 'Pakistan',
'name': 'Government of Pakistan',
'type': 'government'},
{'customers_affected': 'SIM holders (nationwide)',
'industry': 'telecommunications',
'location': 'Pakistan',
'name': 'Pakistan Telecommunication Authority (PTA)',
'type': 'regulatory body'},
{'customers_affected': '2.7 million individuals '
'(2019–2023)',
'industry': 'identity management',
'location': 'Pakistan',
'name': 'National Database and Registration Authority '
'(NADRA)',
'type': 'government agency'},
{'customers_affected': '180 million internet users '
'(credentials exposed)',
'location': 'Pakistan',
'name': 'Citizens of Pakistan',
'type': 'public'}],
'attack_vector': ['dark web marketplace',
'third-party data leak',
'credential stuffing'],
'customer_advisories': ['Use trusted services to check for data leaks',
'Monitor financial/banking accounts for fraud',
'Avoid sharing sensitive information online'],
'data_breach': {'data_exfiltration': 'yes (sold on dark web and advertised on '
'Google)',
'file_types_exposed': ['databases',
'identity documents',
'call logs',
'credential dumps'],
'number_of_records_exposed': ['180 million (internet users)',
'2.7 million (NADRA records, '
'2019–2023)',
'unknown (SIM holders, '
'including government '
'officials)'],
'personally_identifiable_information': 'yes (names, '
'addresses, national '
'ID copies, travel '
'details)',
'sensitivity_of_data': 'high (government officials, '
'financial, identity, and telecom '
'data)',
'type_of_data_compromised': ['personal identifiable '
'information (PII)',
'SIM registration details',
'call records',
'national identity documents',
'travel history',
'login credentials (usernames, '
'passwords, emails)']},
'description': 'Authorities in Pakistan have launched a high-level inquiry '
'into reports that personal details of federal ministers, '
'senior officials, and citizens—including SIM holder data, '
'call records, national identity copies, and overseas travel '
'details—are being sold online. The data was advertised on '
'platforms like Google, with prices as low as 500 rupees for '
'mobile location information. The National Cyber Crime '
'Investigation Agency (NCCIA) is investigating, with a report '
'expected in 14 days. The breach follows prior warnings from '
'Pakistan’s National Cyber Emergency Response Team (PKCERT) '
'about stolen credentials of 180 million internet users, '
'exposing risks of account hijacking, identity theft, and '
'unauthorized access to government and financial portals.',
'impact': {'brand_reputation_impact': ['eroded public trust in government '
'data security',
'criticism of PTA/NCCIA inaction'],
'data_compromised': ['SIM holder records (including federal '
'ministers)',
'call records',
'national identity card copies',
'overseas travel details',
'login credentials (180 million users)',
'emails',
'URLs linked to social media, government '
'portals, banking, and healthcare'],
'identity_theft_risk': 'high',
'legal_liabilities': ['potential lawsuits', 'regulatory penalties'],
'operational_impact': ['risk of account hijacking',
'identity theft',
'unauthorized access to '
'government/financial portals'],
'systems_affected': ['Pakistan Telecommunication Authority (PTA) '
'systems',
'government department databases',
'National Database and Registration Authority '
'(NADRA) records (2.7 million individuals, '
'2019–2023)']},
'initial_access_broker': {'data_sold_on_dark_web': 'yes (priced at 500–5,000 '
'rupees per record type)',
'entry_point': ['dark web marketplaces',
'third-party credential leaks'],
'high_value_targets': ['federal ministers',
'government employees',
'financial/healthcare '
'portals']},
'investigation_status': 'ongoing (NCCIA report expected in 14 days)',
'lessons_learned': ['Delayed response by PTA/NCCIA to prior warnings',
'Need for stronger data protection measures in government '
'databases',
'Public awareness gaps in cybersecurity hygiene'],
'motivation': ['financial gain', 'exploitation of personal data'],
'post_incident_analysis': {'root_causes': ['Inadequate data protection in '
'government databases',
'Lack of proactive threat '
'intelligence',
'Delayed response to prior breach '
'warnings',
'Weak authentication mechanisms '
'for sensitive portals']},
'recommendations': ['Mandate regular password updates and MFA for '
'government/financial portals',
'Enhance monitoring of dark web for leaked data',
'Strengthen legal penalties for data brokers',
'Conduct audits of NADRA/PTA systems',
'Improve inter-agency coordination for cyber threats'],
'references': [{'source': 'Interior Ministry of Pakistan Press Release'},
{'source': 'Pakistan National Cyber Emergency Response Team '
'(PKCERT) Warning'},
{'source': 'Media reports on data sale (e.g., Google '
'advertisements)'},
{'source': 'Joint Investigation Team Report (NADRA breach, '
'March 2024)'}],
'regulatory_compliance': {'legal_actions': ['NCCIA investigation',
'potential prosecutions'],
'regulations_violated': ['Pakistan’s data '
'protection laws (likely)',
'telecom regulations'],
'regulatory_notifications': ['Interior Ministry '
'press release',
'PKCERT public '
'warnings']},
'response': {'communication_strategy': ['press release by Interior Ministry',
'PKCERT warnings',
'media reports on risks and '
'mitigation steps'],
'containment_measures': ['public advisories to change passwords',
'enable two-factor authentication',
'verify SIMs registered under National '
'IDs',
'report suspicious activity to '
'cybercrime authorities'],
'incident_response_plan_activated': 'yes (NCCIA investigation '
'team formed)',
'law_enforcement_notified': 'yes (Federal Interior Minister '
'Mohsin Naqvi ordered inquiry)'},
'stakeholder_advisories': ['Change passwords annually',
'Enable two-factor authentication',
'Verify SIM registrations',
'Report suspicious activity to NCCIA'],
'threat_actor': ['unknown cybercriminals', 'initial access brokers'],
'title': 'Massive Personal Data Leak in Pakistan Involving Government '
'Officials and Citizens',
'type': ['data breach', 'identity theft', 'unauthorized data sale']}