Data hack report

The number of victims calculated by the report is significantly lower than earlier independent estimates


March 28, 2024

print-news

An investigation report regarding the 2023 National Database and Registration Authority (NADRA) hack has found that at least 2.7 million Pakistanis’ personal information was compromised in the intrusion, a massive black mark on the face of the authority and its ability to earn public trust. The number of victims calculated by the report is significantly lower than earlier independent estimates that ranged from about 100 million citizens to almost the entire population. The centralised nature of personal data in Pakistan makes a data leak from NADRA potentially far more dangerous than any other business or institution. Banks, schools, retailers, or even email chat and providers do not always have the same amount of personal information for every individual user or customer.

The joint investigation team, set up by the Public Accounts Committee in the aftermath of the attack, says data was stolen from NADRA offices in at least three cities — Karachi, Peshawar and Multan — over the course of four years. According to the investigators from FIA, PTA and Military Intelligence, the stolen data was transmitted to Dubai and sold in Argentina and Romania. The team, led by the FIA’s Cybercrime Directorate, recommends actions against several NADRA officials, but the details are still murky as the full report has not yet been made public, even though the report has been with the Prime Minister’s office for almost a month.

Then-prime minister Anawarul Haq Kakar had ordered NADRA to implement the report’s findings and recommendations, but beyond some generic confirmations of technology upgrades and launching compliance measures, the authority has also remained tight-lipped about what specific remedial actions have been taken, especially any officials that have been punished. Given the earlier investigation delays caused by NADRA officials’ refusal to cooperate, the sluggish implementation is extremely disappointing. Unfortunately, given the failure to fully implement other major scam-related inquiries in the past, it is very much par for the course.

Published in The Express Tribune, March 28th, 2024.

Like Opinion & Editorial on Facebook, follow @ETOpEd on Twitter to receive all updates on all our daily pieces.

COMMENTS (1)

Muhammad Javed | 8 months ago | Reply 3 year back from newly issued chequebook I issued first cheque. HBL refused chequebook was not activated. Activation was got done and confirmed in writing. Then when cheque was issued Br refused bank had not issued this cheque book. CEO was approached that against this accountholder fraud case be registered immediately bank refunded chequebook cost earlier charged claimed not issued. A big bank and this is state of data preservation. This old man is ready to hear anytime from bank that he have no account
Replying to X

Comments are moderated and generally will be posted if they are on-topic and not abusive.

For more information, please see our Comments FAQ