Personal information of 44 million Pakistani mobile phone users has leaked online, ZDNet has reported.
Last month, a Pakistani cybersecurity company claimed that it had located a data dump on the dark web which contained information of 115 million Pakistani mobile users.
The asking price for the data dump was 300 Bitcoins (BTC) or $2.1 million.
Federal Investigation Agency (FIA), Pakistan Telecommunication Authority (PTA), and NADRA are investigating the data dump on the orders of the Senate Standing Committee on Interior
The latest leak is apparently part of a bigger data dump containing the details of 115 million Pakistanis listed for sale last month.
Analyzing the recent data leak shows that it contains both personally-identifiable and telephony-related information of customers of all the telecom operators. It includes information such as:
- Mobile phone numbers
- CNIC numbers
- Residential addresses
- Landline numbers
- Dates of subscription
According to the attached sample of 44 million records above, the latest data is from 2013. This means either the hacker got his hand on an old backup file or the data breach occurred in 2013 and surfaced online just recently.
Regardless of the date of the leak, telecom operators ought to publicly notify their customers that their data has been compromised. Failure to do so would suggest that either the companies are unaware of the breach or they have deliberately chosen to keep their customers in the dark.
The latest data leak has once again raised serious questions on the protocols telecom companies are following regarding data security and privacy in Pakistan.