According to a probe by a joint investigation team, the personal records of over 2.7 million Pakistani citizens have been exposed online in massive data breaches over the past 5 years.
The probe discovered that highly sensitive information belonging to citizens, such as national ID numbers, passport and visa details, income tax records, and even information on debt and bank loans was being openly circulated on the internet since 2017.
The investigation raised serious concerns about lax data handling practices at various government departments and private companies. Personal records were being collected, digitized and even outsourced without proper security protocols.
NADRA Blamed for the Data Breach
This major data breach involves one of Pakistan’s most important government organizations – the National Database and Registration Authority, also known as NADRA.
NADRA serves as the national identity database, collecting and storing civic registration information and ID records for all Pakistani citizens. It’s basically a central repository for residents’ most sensitive personal data.
The investigation discovered that specific NADRA offices in major cities like Karachi, Multan, and Peshawar were allegedly involved in leaking citizens’ data over the past 5 years.
Traces of this leaked NADRA data was found being used or circulated as far away as Argentina and Romania.
Following an investigation into the cybersecurity incident that occurred in March 2023, appropriate measures have been taken.
The Joint Investigation Team (JIT) has recommended upgrading technology and initiating departmental and criminal proceedings against those responsible for the security lapse.
Concerns regarding the vulnerability of Nadra’s data had been previously raised but garnered significant attention following the disclosure of an information leak involving certain senior military officials.
The report placed blame on NADRA for lacking proper security protocols when digitizing storage, sharing data between departments, and potentially outsourcing databases to third parties.
This failure to protect citizens’ most confidential files is a huge privacy breach of trust that needs to be addressed through stronger laws and updated technology.
