A recent investigation has uncovered a significant data breach affecting over 2.7 million Pakistanis, with personal information allegedly stolen from government records managed by the National Database and Registration Authority (Nadra). The breach, spanning from 2019 to 2023, implicates Nadra offices in Karachi, Multan, and Peshawar, raising concerns over data security and privacy. According to reports, the stolen data was sent to Dubai and subsequently sold in Argentina and Romania, highlighting the global reach of the breach and its potential consequences for affected individuals.
Prompted by the breach, the government formed a Joint Investigation Team (JIT) to probe the incident and recommend necessary actions. The JIT’s report suggests technological upgrades and advocates for departmental and criminal proceedings against those responsible for the breach. This breach underscores longstanding concerns regarding the vulnerability of Nadra’s data, with past incidents involving unauthorized access to personal data of senior military officials further amplifying the urgency for robust cybersecurity measures.
Nadra’s previous security lapses have garnered attention, particularly after disclosures regarding unauthorized access to personal data of senior military officials and the illegal issuance of national identity cards to foreigners. The authority has taken measures to address these issues, including initiating criminal proceedings against officials involved in data breaches and canceling illegally issued identity cards. However, the recurrence of breaches underscores the persistent challenges in safeguarding citizens’ personal data and underscores the need for continuous improvement in cybersecurity infrastructure and protocols to mitigate future risks.
