HYDERABAD: An official of National Database and Registration Authority (Nadra) along with an associate was arrested on charges of unauthorized access and sale of sensitive citizen data. The two suspects, Abdul Hakeem and Mohsin Iqbal, were apprehended in Hyderabad on Tuesday following an operation led by the National Cyber Crime Investigation Agency (NCCIA).
According to the First Information Report (FIR), the arrests were made based on a complaint submitted by Syed Babar Ali Shah, Assistant Sub-Inspector at NCCIA. The report initiated an inquiry at the NCCIA Crime Reporting Centre in Hyderabad, which revealed that the two individuals were involved in unlawfully accessing Nadra records and distributing personal information of Pakistani citizens through various WhatsApp groups.
Sources informed NCCIA officials that Abdul Hakeem and Mohsin Iqbal had planned a meeting near a restaurant located on the bypass road on June 23. Acting on this intelligence, NCCIA Inspector Malik Awais approached the two suspects at the identified location. After identifying himself, Inspector Awais took them into custody on the spot.
A preliminary examination of their mobile phones revealed chat logs and shared files containing sensitive Nadra data. Both suspects were unable to provide a legitimate explanation for the possession of such information. Their mobile phones, considered as key evidence, were immediately seized and later submitted for technical analysis by Tahir Ahmed, a technical assistant at NCCIA.
The forensic analysis confirmed Abdul Hakeem’s employment with Nadra, as verified through his official employee card. The findings showed that Mohsin Iqbal regularly sent national identity card numbers to Abdul Hakeem, who would then retrieve the associated personal data using internal access. Both individuals were found to be members of several WhatsApp groups used for the illegal distribution and sale of confidential Nadra data.
The FIR specifies that charges were registered under sections 3, 4, 6, 14, and 16 of the Prevention of Electronic Crimes Act 2016, in conjunction with sections 34 and 109 of the Pakistan Penal Code. These sections cover unauthorized access, identity theft, illegal data transmission, and criminal conspiracy.
This incident highlights a serious breach of public data confidentiality and points to vulnerabilities in internal access controls. It also raises concerns over the misuse of official credentials for unauthorized digital activity and the growing use of messaging platforms for illicit trade in personal information.
The suspects are currently in custody at NCCIA Hyderabad, and further investigation is underway to determine the full extent of the breach and identify any additional accomplices or beneficiaries of the leaked data.
