2.7 million Pakistani citizens’ data compromised from Nadra

Joint Investigation Team (JIT) formed to investigate a data leak from the National Database and Registration Authority (Nadra) has informed the Interior Ministry that the personal details of up to 2.7 million citizens were compromised between 2019 and 2023.

According to sources familiar with the matter, the JIT, led by a senior Federal Investigation Agency (FIA) officer and comprising representatives from various intelligence agencies, concluded its investigation and submitted a comprehensive report to the ministry.

Read also: FBR Implements Mandatory Tax Registration for Retailers and Wholesalers

The JIT’s findings implicated Nadra offices in Karachi, Multan, and Peshawar in the alleged data breach, recommending disciplinary action against several officials.

Reports indicate that evidence of Nadra data appearing in foreign countries such as Argentina and Romania was uncovered, raising concerns about the security of citizens’ information.

Nadra has reportedly implemented numerous measures to enhance service delivery and bolster the security of its database, following an investigation into the cyber security incident that occurred in March 2023.

Furthermore, the JIT has proposed technological upgrades and both administrative and legal action against those accountable for the breach.

The vulnerability of Nadra’s data had previously been highlighted, particularly after the exposure of an information leak concerning senior military personnel. A National Assembly panel in November 2021 had warned about the potential compromise of millions of Pakistanis’ personal data due to security flaws within Nadra’s framework.

During a session of the National Assembly’s Standing Committee on Information Technology and Telecommunication, a senior FIA official disclosed the hacking of certain biometric records.

However, clarification later indicated that only the biometric system utilized for SIM verification and other purposes had been affected, rather than the entire database.