ISLAMABAD: Sensitive personal information of millions of Pakistanicitizens, including consolidated records from key institutions, hasreportedly surfaced on the dark web, available for purchase at nominalprices. PML-N Senator Afnanullah Khan revealed during a Senate StandingCommittee on Interior meeting that such data breaches involve details fromthe National Database and Registration Authority (NADRA), banks and theFederal Board of Revenue (FBR). He asserted that acquiring any citizen’scomplete profile costs only Rs500, emphasizing the refined and up-to-datenature of the leaked datasets.
The senator described the available information as exceptionallywell-processed, potentially surpassing official compilations in usability.He warned that the total monetary value of the compromised data onunderground platforms ranges from Rs70 billion to Rs80 billion, assumingwidespread availability across Pakistan’s population of approximately 240million. This valuation reflects the high demand for such records inillicit markets, where they facilitate crimes ranging from fraudulentidentity creation to targeted scams.
Experts and lawmakers attribute the scale of this breach to possibleinsider involvement, as external actors alone could not access andconsolidate data from multiple secure government silos without internalfacilitation. Senator Afnanullah specifically pointed to officials in NADRAand the Directorate General of Immigration and Passports as potential weaklinks. He argued that the seamless integration of records from disparatesources indicates deliberate sharing or negligence at official levels,making large-scale theft implausible otherwise.
Previous incidents provide context to this ongoing crisis. In September2025, Interior Minister Mohsin Naqvi ordered an investigation after reportsemerged of thousands of citizens’ data—including CNIC copies, mobile SIMdetails, call logs and travel histories—being sold online for Rs500 toRs5,000 per record. Platforms advertised location data cheaply, while moredetailed profiles fetched higher sums, affecting even high-profileindividuals like federal ministers and senior officials.
The Pakistan Telecommunication Authority (PTA) chairman confirmed similarleaks, noting that around 350,000 Hajj applicants’ records had appeared onthe dark web. Such exposures heighten risks for vulnerable groups, enablingSIM swap fraud, phishing attacks and misuse of biometric-linkedinformation. Earlier probes, including a 2024 joint investigation teamreport on NADRA, identified compromises affecting 2.7 million citizensbetween 2019 and 2023, with involvement traced to specific regional offices.
Broader cybersecurity alerts have compounded public anxiety. In May 2025,the National Cyber Emergency Response Team (PKCERT) warned of a globalbreach exposing login credentials of over 180 million Pakistani internetusers, stemming from malware and unencrypted files. While not directly tiedto state databases, these incidents illustrate the porous digitalenvironment where personal data aggregates rapidly on illicit forums.
The dark web’s anonymity enables cybercriminals to monetize stoleninformation with minimal risk, often through marketplaces demandingpayments in cryptocurrency. Pakistani authorities face challenges inmonitoring these hidden networks, lacking advanced tools to trace originsor disrupt sales effectively. Intelligence sources have cautioned thatweaponized data could target individuals for extortion, blackmail or evenespionage, given inclusions of travel and financial details.
Read Top Stories
Government responses remain reactive, with calls for stronger dataprotection laws and enhanced oversight of state institutions. Amendments tothe Prevention of Electronic Crimes Act (PECA) were recently cleared by aSenate panel amid these discussions, aiming to impose harsher penalties ondata theft. However, critics argue that enforcement gaps persist, asevidenced by repeated leaks despite prior warnings.
Citizens bear the brunt of these vulnerabilities, facing heightened threatsto privacy and financial security. Recommendations include immediateadoption of multi-factor authentication, regular password updates andvigilance against phishing. Authorities urge reporting suspiciousactivities to cybercrime units, while pushing for comprehensive audits ofdatabases like NADRA to prevent further erosion of public trust.
This persistent pattern of data compromises highlights urgent needs forinstitutional reforms, technological upgrades and accountability measuresto safeguard national information assets in an increasingly digitized world.
Source: https://www.dawn.com/news/1968054
ogimageimage-name
