A significant privacy breach has once again created a crisis in Pakistan, where the personal data of thousands, including senior government officials and federal ministers, is now being sold on the dark web.
The compromised information includes scanned national ID cards, addresses tied to mobile SIM registrations, detailed call logs, and records of international travel.
The leak appears to span multiple layers of government, touching agencies such as the Pakistan Telecommunication Authority (PTA) and reaching into cabinet offices. According to Express News, the data is already being offered across online platforms, with little interference from authorities.
More: Another Major Data Breach Exposes Dangers of Online Digital ID Verification
The PTA and the National Cyber Crime Investigation Agency (NCCIA) have made vague statements about taking some websites offline, but have yet to provide clear updates or evidence of enforcement.
The Express Tribune reports that mobile location information is being sold for as little as PKR 500 ($1.76). Full call histories are going for PKR 2,000 ($7), while international travel records are being offered at PKR 5,000 ($17.55).
Analysts warn that such data, available so cheaply, could easily be exploited to monitor, harass, or impersonate individuals with minimal cost or effort.
Interior Minister Mohsin Naqvi has instructed the NCCIA to launch a formal investigation. A 14-member team has been assigned to identify those responsible and initiate legal action. The group has been given two weeks to submit its findings.
This latest data breach has unfolded at the same time as a growing corruption scandal involving Pakistan’s national welfare system. The Benazir Income Support Program (BISP), which provides direct payments to nearly one-fourth of the population, has come under scrutiny following an audit that revealed widespread financial abuse by insiders.
The Auditor General found that 324 BISP officials took part in misappropriating over 37 million rupees, which equals nearly $130,000. Much of this fraud involved exploiting the biometric verification systems meant to secure the program.
Fake accounts were used to divert funds, including accounts opened in the names of deceased individuals. Earlier this year, an audit of the 2023 to 2024 period had also flagged serious financial irregularities.
Although the World Bank has previously noted that BISP’s biometric payment model contributed to reducing poverty in Pakistan, the latest revelations point to serious systemic flaws.
The use of biometrics and centralized identity verification has not only failed to eliminate fraud but may also have introduced new avenues for abuse and surveillance.
Together, these events reveal a troubling pattern. As digital identity systems grow more central to both governance and welfare, the absence of robust privacy protections, data security standards, and independent oversight is becoming more dangerous by the day.
