A major data breach at the National Database and Registration Authority (NADRA) has compromised the personal information of an estimated 2.7 million Pakistani citizens, according to a report submitted by a Joint Investigation Team (JIT) to the Interior Ministry.
The Public Accounts Committee (PAC) had previously ordered the Interior Ministry to investigate the leak, which allegedly occurred between 2019 and 2023. The investigation, led by the Federal Investigation Agency’s (FIA) Cybercrime Director, revealed the involvement of NADRA offices in Multan, Peshawar, and Karachi.
The stolen data reportedly traveled from Multan to Peshawar before being transferred to Dubai. The JIT report further suggests that the data was potentially sold in Argentina and Romania.
The investigation recommends disciplinary action against high-ranking NADRA officials implicated in the leak. This comes after a cyberattack in March 2023 compromised sensitive personal information, including that of military personnel.
Following the JIT’s findings, the caretaker Prime Minister at the time, Anwaarul Haq Kakar, directed NADRA to implement the team’s recommendations. These recommendations reportedly involve both regulatory actions and technological upgrades to bolster data security.
The authorities are currently taking steps to ensure compliance with the recommendations, aiming to prevent similar incidents and safeguard the personal information of Pakistani citizens.