Pakistan Telecommunication Authority has completed its investigation into the reported leak of citizens’ data circulating online, stating that the compromised records appear to be old and not directly sourced from telecom companies. According to PTA sources speaking to ProPakistani, the probe found no evidence indicating that telecom operators’ systems were the source of the breach. The investigation also clarified that call detail records, travel history, and family tree information are not stored together in any single database, making it unlikely that such data originated from a single point of failure. Instead, the leaked records seem to have been compiled from multiple sources before being uploaded, possibly to the dark web.
PTA’s findings further revealed that in 2022, certain datasets had been shared with Punjab Information Technology Board and Benazir Income Support Programme, and some of the compromised information may have originated from these transfers. This follows a similar inquiry in 2022, when a third-party forensic analysis confirmed that the data involved in that breach was also old. These findings suggest a recurring challenge of older datasets resurfacing online, raising concerns about how shared information is managed and safeguarded once it leaves the regulator’s oversight.
During the current probe, PTA cross-checked approximately 1,500 mobile SIM records and found numerous inconsistencies. In many cases, mobile numbers, CNICs, and addresses belonged to different individuals, highlighting questions about the authenticity and accuracy of the leaked data. Sources within PTA noted that concerns over call detail records and other personal information becoming public have been raised multiple times, underscoring the ongoing need for stronger national mechanisms to protect citizens’ data. They emphasized that, while telecom operators may not hold all types of personal information, coordination among agencies handling sensitive data is essential to close loopholes that enable such leaks.
The investigative report will now be forwarded to the Ministry of Interior for further action. On directives from the Interior Minister, the National Cyber Crimes Investigation Agency has been tasked with probing the matter in greater depth to identify the exact source of the leak. PTA sources stressed that these efforts should lead to the establishment of a more secure national framework to protect citizens’ personal information from misuse. By recommending a coordinated approach between regulatory bodies, government agencies, and technology operators, the regulator aims to strengthen public trust and reduce the recurrence of data breaches affecting millions of people across Pakistan.
Follow the SPIN IDG WhatsApp Channel for updates across the Smart Pakistan Insights Network covering all of Pakistan’s technology ecosystem.
