Pakistan Telecommunication Authority (PTA) has said an internal review found no evidence of data breaches within the licensed telecom sector after reports surfaced claiming a large-scale leak of mobile SIM subscriber information. According to media reports, personal data of all SIM holders, including senior government officials, was allegedly offered for sale online with location data priced at Rs500, call and data records at Rs2,000, and details of foreign travel at Rs5,000. These claims triggered widespread concern over the security of mobile subscriber information in the country.
The latest reports follow an earlier advisory from Pakistan’s National Cyber Emergency Response Team (PKCERT), which had warned that login credentials and passwords of more than 180 million internet users in Pakistan were compromised in a global data breach. PKCERT had highlighted the discovery of a publicly accessible, unencrypted file containing over 184 million unique account credentials and urged citizens to adopt immediate protective measures to safeguard their accounts. This advisory had already raised alarms over the vulnerability of personal information being circulated on digital platforms.
Responding to the recent media stories, PTA clarified it does not hold or manage subscriber data directly, as this information remains with licensed telecom operators. It said its initial analysis of the reported datasets indicates that the leaked information included family details, travel records, vehicle registrations and CNIC copies, suggesting aggregation from multiple external sources rather than from telecom operators. PTA stated that audits conducted on licensed operators have so far shown no breaches within the sector.
PTA also outlined its ongoing actions against unlawful online activities. In its crackdown on illegal content, the authority has blocked 1,372 websites, applications and social media pages found to be involved in selling or sharing personal data. This is part of an ongoing effort to address misuse of personal information on digital platforms and to reinforce privacy protections for citizens.
The authority highlighted that the Ministry of Interior has already formed an inquiry committee to investigate the alleged SIM data leak. This inquiry will determine the source of the datasets being traded online and whether other government or private databases were compromised. The issue follows a March 2024 report by a joint investigation team probing a data leak from the National Database and Registration Authority (NADRA), which had informed the interior ministry that credentials of as many as 2.7 million people were compromised between 2019 and 2023. The pattern of breaches underscores a broader challenge for Pakistan’s digital ecosystem, where multiple databases containing sensitive information remain attractive targets for cybercriminals.
Follow the SPIN IDG WhatsApp Channel for updates across the Smart Pakistan Insights Network covering all of Pakistan’s technology ecosystem.
