2.7 million Pakistani data compromised over five years

Islamabad: In a serious data breach, the personal information of as many as 2.7 million Pakistanis was compromised from the national database authority from 2019 to 2023, the Interior Ministry was informed on Wednesday.

A joint investigation team (JIT), headed by a senior officer of the Federal Investigation Agency (FIA) and comprising representatives from various intelligence agencies, unearthed the breach after completing its probe on the data leak from the National Database and Registration Authority (NADRA), Geo News reported.

The JIT submitted to the Interior Ministry the report, which said that data of as many as 2.7 million Pakistani citizens was stolen from the NADRA database from 2019 to 2023.

It found that the Multan, Karachi, and Peshawar offices of NADRA were allegedly involved in data theft and recommended action against the relevant senior officials of the authority.

There is also evidence of NADRA data surfacing in Argentina and Romania, the report said, citing sources.

The stolen data was allegedly moved from Multan to Peshawar before it finally reached Dubai.

The report says there is proof that the data was later sold in Argentina and Romania.

The JIT recommended an upgrade of technology, as well as departmental and criminal proceedings against those found responsible for the lapse.

The issue of the vulnerability of the NADRA’s data has been raised in the past, but it gained prominence only after the disclosure of an information leak about certain senior military officials.

In November 2021, a National Assembly panel was told that the personal data of millions of Pakistanis might have been compromised, allegedly due to weaknesses in the NADRA’s security framework.

During an earlier meeting of the National Assembly’s Standing Committee on Information Technology and Telecommunication, a senior FIA official had revealed that certain biometric records had been hacked.

It was later clarified that only the biometric system used for SIM verification, among other things, had been “compromised” and not the entire data record, the Dawn newspaper reported.

The leaks are disturbing as NADRA is considered highly professional as being the custodian of citizens' personal details.