NRTC: CDA billing system hit by cyberattack in Islamabad

Cyberattack Disrupts CDA’s Billing System in Islamabad, Ransom Demanded

On June 19, 2026, the Capital Development Authority (CDA) in Islamabad confirmed a cyberattack on its property, conservancy, and water billing system, disrupting online payments for residents. Hackers breached the platform and demanded a Bitcoin ransom, threatening to publish compromised data on the dark web if unpaid.

The attack, ongoing for three days, coincided with the June deadline for residents to clear dues, leaving many unable to process payments. While the CDA’s main website remained operational, the online payment portal was inaccessible until late Thursday. The authority’s vendor, NRTC, alongside the IT and revenue departments, is working to restore services, with recovery expected by Friday.

Officials revealed that property and conservancy charge records covering residential and commercial plots in Islamabad’s urban areas were compromised. Rural properties, managed by the district government, were unaffected. The CDA denied claims of missing backups, with spokesperson Shahid Kiani assuring that secure backup servers would enable full data recovery. Payments processed through 1-Link and authorized banking channels remained unaffected.

This incident follows a 2024 breach, attributed to Indian hackers, which exposed CDA data on the dark web. The earlier attack prompted the authority to hire a cybersecurity firm under a long-term contract to bolster its digital defenses. The CDA’s IT wing is now collaborating with the firm to mitigate the current threat and restore services.

Source: https://www.pakistantoday.com.pk/2026/06/19/cyberattack-disrupts-cda-billing-system-hackers-demand-bitcoin-ransom

NRTC TPRM report: https://www.rankiteo.com/company/national-radio-telecommunication-corporation-of-pakistan

"id": "nat1781951443",
"linkid": "national-radio-telecommunication-corporation-of-pakistan",
"type": "Cyber Attack",
"date": "6/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"

{'affected_entities': [{'customers_affected': 'Residents and commercial '
                                              'entities in Islamabad’s urban '
                                              'areas',
                        'industry': 'Urban development and municipal services',
                        'location': 'Islamabad, Pakistan',
                        'name': 'Capital Development Authority (CDA)',
                        'type': 'Government agency'}],
 'customer_advisories': 'Residents advised to use 1-Link or authorized banking '
                        'channels for payments',
 'data_breach': {'data_exfiltration': 'Threatened to publish on dark web if '
                                      'ransom unpaid',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'Personally identifiable information '
                                        '(PII) of residents and commercial '
                                        'entities',
                 'type_of_data_compromised': 'Property and conservancy charge '
                                             'records'},
 'date_detected': '2026-06-19',
 'date_publicly_disclosed': '2026-06-19',
 'description': 'On June 19, 2026, the Capital Development Authority (CDA) in '
                'Islamabad confirmed a cyberattack on its property, '
                'conservancy, and water billing system, disrupting online '
                'payments for residents. Hackers breached the platform and '
                'demanded a Bitcoin ransom, threatening to publish compromised '
                'data on the dark web if unpaid. The attack disrupted services '
                'for three days, coinciding with the June deadline for '
                'residents to clear dues.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
                                       'data breach and service disruption',
            'data_compromised': 'Property and conservancy charge records for '
                                'residential and commercial plots in '
                                'Islamabad’s urban areas',
            'downtime': '3 days',
            'operational_impact': 'Disruption of online payment services, '
                                  'inability for residents to process payments',
            'systems_affected': 'Online payment portal for property, '
                                'conservancy, and water billing'},
 'investigation_status': 'Ongoing',
 'motivation': 'Financial gain (ransom demand)',
 'post_incident_analysis': {'corrective_actions': 'Collaboration with '
                                                  'cybersecurity firm to '
                                                  'mitigate threat and restore '
                                                  'services'},
 'ransomware': {'data_exfiltration': 'Threatened',
                'ransom_demanded': 'Bitcoin (amount not specified)'},
 'references': [{'source': 'News report'}],
 'response': {'communication_strategy': 'Public disclosure via spokesperson, '
                                        'assurance of data recovery',
              'recovery_measures': 'Expected full recovery by Friday '
                                   '(2026-06-21)',
              'remediation_measures': 'Restoration of services using secure '
                                      'backup servers',
              'third_party_assistance': 'NRTC (vendor), cybersecurity firm '
                                        '(hired under long-term contract)'},
 'threat_actor': 'Unknown (suspected Indian hackers based on prior incident)',
 'title': 'Cyberattack Disrupts CDA’s Billing System in Islamabad, Ransom '
          'Demanded',
 'type': 'Ransomware'}