ISLAMABAD: Interior Minister Mohsin Naqvi has taken notice of reports regarding the leakage of mobile SIMs data and has constituted a special investigation body to look into the matter. According to an official press release, the National Cyber Crimes Investigation Agency has set up a dedicated team tasked with probing the incident and submitting its findings within 14 days. The move follows widespread media coverage alleging that sensitive details of mobile phone subscribers, including those of the interior minister himself, were being sold online.
Reports have indicated that the data available for purchase included mobile location records for Rs500, mobile data usage history for Rs2,000, and information regarding foreign travel for Rs5,000. The revelation has raised serious concerns over the security of personal and official data in Pakistan, prompting calls for swift accountability and measures to safeguard critical information. The press release confirmed that the investigative team will examine the circumstances of the breach in detail and identify those responsible, ensuring that action is taken under the law.
The issue of data security has already been under scrutiny in Pakistan. Just months ago, the National Cyber Emergency Response Team of Pakistan (PKCERT) issued an advisory warning that the login credentials and passwords of more than 180 million internet users had been compromised in a global data breach. PKCERT stated that the breach involved an unencrypted file that was publicly accessible and contained over 184 million unique account credentials. These included usernames, passwords, emails, and URLs tied to major social media services, government portals, banks, and healthcare systems. According to the advisory, the stolen data was believed to have been compiled through infostealer malware, which extracts sensitive information from compromised systems.
PKCERT warned that the availability of this information in plain text without encryption posed significant risks. Among the dangers highlighted were account takeovers, identity theft, phishing attempts, and unauthorized access to business or government platforms. Attackers could also use the exposed data to carry out credential stuffing attacks across multiple services, launch targeted social engineering campaigns, and deploy additional malware. PKCERT advised citizens to change their passwords regularly and use online tools to check if their credentials had been exposed in any breach.
Pakistan has previously experienced incidents of data compromise involving sensitive institutions. In March 2024, a Joint Investigation Team probing a separate data leak from the National Database and Registration Authority (Nadra) informed the interior ministry that credentials of 2.7 million people had been compromised between 2019 and 2023. That breach had already highlighted weaknesses in data protection and the urgent need for improved cybersecurity measures across government and private systems.
The recent reports of SIMs data being sold have further intensified concerns regarding the vulnerability of citizens’ personal information. Authorities now face pressure to not only address the specific incident but also to strengthen the overall cybersecurity framework to prevent similar breaches in the future. The ongoing investigation by the National Cyber Crimes Investigation Agency will be closely watched as both the public and policymakers await clarity on the extent of the leak and the safeguards that will follow.
Follow the SPIN IDG WhatsApp Channel for updates across the Smart Pakistan Insights Network covering all of Pakistan’s technology ecosystem.
