Breach of cybersecurity incidents are all too often worldwide. In a recent incident, a hacker exposed the private information of 42,064 Karachi residents via a shopping website. This information consists of complete names, contact information, residential addresses, invoice information, and more.
On a deep web forum, this private information is available for sale. Zaki Khalid, an intelligence analyst, tweeted the information. A snapshot of some of the stolen personal information is included with the hacker’s selling offer.
An internal copy of a company’s invoice information for a client is shown in sample. Naturally, it also displays the client’s name, home address, email address, contact information, and more. To protect privacy, we have filtered the image of any personal information.
According to Khalid’s report, it is unclear which segment of users was targeted in this data breach. The sample data shows the information on a single customer from DHA Phase 2, but it is quite possible that retailers were targeted just as much as the customers. The analyst says that other targeted users are also based in ‘posh’ areas of Karachi.
The leaked information is largely useless, but it shows that personal data breaches are a cause for concern.
As mentioned earlier, data breaches are becoming far too common in Pakistan. Last month, the Securities and Exchange Commission of Pakistan (SECP) had some of its sensitive data leaked, which resulted in a tug of war between the chairman and the relevant commissioner. The leaked data included private information on company CEOs including identity card numbers, email addresses, residential addresses, and more.
What’s most concerning is that the breach remained undiscovered by the head of information security, Mubashir Sadozai. It was only identified when ProPakistani alerted the regulator by sending inquiries on July 27.