Pakistan’s digital privacy crisis deepened on Thursday after Pakistan Telecommunication Authority (PTA) Chairman Hafeez-ur-Rehman confirmed before a Senate committee that personal data of Pakistani citizens has been circulating on the dark web since 2022. However, contradictory statements from the regulator and licensed telecom operators have left questions over the source and scale of the breach.
Sensitive Records for Sale
According to media reports, the chairman admitted that entire profiles of Pakistani citizens — including copies of CNICs, SIM registration details, travel history, and even financial information — are available for purchase on hidden forums. Prices are shockingly low, with a complete personal data profile reportedly selling for as little as Rs 500 on the dark web.
The most alarming revelation came from Daily Pakistan, which highlighted that the personal details of 350,000 Hajj applicants were up for sale. PTA officials confirmed that an internal inquiry was carried out as far back as 2022, but despite the findings, the leak has persisted.
In his testimony, Hafeez-ur-Rehman also disclosed that even his own SIM data has been available online since 2022, underscoring the seriousness of the issue.
PTA Denials and Audits
While acknowledging the presence of leaked data online, the PTA insisted that its audits of licensed telecom operators found no evidence of breaches within the sector. “PTA does not hold subscriber data itself — this remains with telecom operators,” a statement from the regulator clarified, as reported by The News.
This has raised confusion. If the breach did not occur at telecom operators, experts argue, the data may have been exfiltrated from other government institutions or third-party databases handling sensitive citizen records.
Billions at Stake
The ProPakistani report added that senators grilled the regulator on data leaks “worth billions,” citing how such records are exploited for financial fraud, SIM scams, phishing, and identity theft. PTA confirmed that much of Pakistan’s sensitive information is stored on foreign servers, making it highly vulnerable to hacking and unauthorized access.
Rising Public Concern
Civil rights groups and cybersecurity experts warn that ordinary Pakistanis are now increasingly exposed to identity theft, banking fraud, and surveillance risks. With over 125 million internet users, the scale of exposure could be massive if reforms are not urgently implemented.
Calls have intensified for the government to fast-track the long-delayed Personal Data Protection Bill and establish a robust national cybersecurity framework. Without such measures, experts caution, breaches will continue to undermine public trust in digital services.
What Comes Next?
The PTA chairman assured lawmakers that the authority is “actively monitoring dark web forums” and coordinating with other state agencies to track down the sources of leaked datasets. However, as of now, no specific institution has accepted responsibility for the breach, leaving both policymakers and the public demanding clear answers.
Until then, the stark reality remains: Pakistani citizens’ private data is available for sale online — and no institution has yet been able to stop it.
