Skip to main content

The sensitive personal data of millions of customers of five telecom companies that operate in Pakistan was allegedly accessed by a hacker from the world and is now available for purchase.

The hacker is asking for Bitcoin, Tether, or Ethereum equivalent to $2,000 using the Telegram account to communicate with the hacker and to negotiate the price of the sale.

The hacker claims they have access to the personal information of about 500 million subscribers to Jazz, Telenor, Ufone, Warid, and Zong.

Here’s a breakdown of the records of the telecom companies that the hacker claims to have access to:

  • Jazz (140.6 million)
  • Telenor (250.6 millions)
  • Ufone (33.2 million)
  • Warid (6.5 million)
  • Zong (68.7 million)

The hacker claims the records have been updated to March 2020. One sample file per telecom company has been provided by the hacker for examination.

We examined the samples that reveal that the files are they are Microsoft Access database formats with .accdb and .mdb extensions. They contain data like names cellphone numbers CNIC number, as well as addresses for subscribers.

In an exclusive interview, Zaki Khalid, a Strategic analyst based in Rawalpindi, stated that “on the first glance, samples of data shared for examination seem to be legitimate. However, the claims made by hackers, of the data being up-to-date in March 2020 are only verified by the telecom companies involved.”

Zaki added that “there are arguments to suggest the latest leaks could be repackaged data from significant breaches that occurred couple of years ago. These claims are not likely to be concluded until an extensive investigation is carried out by the state. Parliamentarians in the legislature must insist on an immediate report of the inquiry from these telecom firms.”

On the other hand the spokespersons of these five telecom firms have categorically denied the allegations of the hacker, noting they have conducted their own initial research and proven that there is no breach of data from customers was ever reported.

Also Read: Govt, SBP Decides to Ban All Cryptocurrencies in Pakistan

The telcos also stated they are committed to the privacy of data and take matters concerning cyber security very and seriously. They claim to have implemented sophisticated cyber security systems and processes to identify and fight cyber threats and have taken the necessary measures to protect themselves. The most important thing they do is ensure that customer data is secure The spokespersons said.

However, this isn’t the first time that companies in the telecom industry have been victimized by similar data breach. Over and over in the last few years, the personal data that millions Pakistani cellphone users has been exposed online.

Despite numerous data breaches affecting millions of people The government hasn’t yet taken any measure to hold firms that provide telecom services accountable for their inability to safeguard the personal information of their customers.

The Ministry of Information Technology and Telecommunication (MOITT) was the one who drafted the Personal Data Protection Bill (PDPB) several months ago. The bill was developed in the same way as Europe’s General Data Protection Regulation (GDPR). The PDPB includes provisions for data localization as well as the establishment of a central authority for data protection to protect personal information for the protection of private data of the citizens. But, the legislation hasn’t been incorporated into law yet, which indicates the indifference of legislators regarding the security of the personal data of citizens.