ISLAMABAD: Amid its ongoing crackdown on unlawful content, with 1,372 sites, apps, and social media pages blocked for selling or sharing personal data, the Pakistan Telecommunication Authority (PTA) on Tuesday claimed[1] that it neither held nor managed subscribers’ data.
The PTA said that subscribers’ data remains solely with licensed telecom operators, adding that an initial review indicated the leaked datasets contained family details, travel records, vehicle registrations, and CNIC copies, suggesting that the data was aggregated from multiple external sources, rather than telecom operators.
The explanation comes following a report by the National Cyber Crimes Investigation Agency (NCCIA). The issue of citizens’ leaked data recently gained attention when the interior ministry formed[2] an inquiry committee to investigate, and the NCCIA established a special investigation team to probe the matter.
Sources in the interior ministry said the Joint Task Force (JTF) on ‘Unauthorised Data Access and Pilferage’ has directed the National Technology and Information Security Board (NTISB) to conduct an audit of telecom operators. Under the Prevention of Electronic Crimes Act 2016, PTA licensees have been declared critical information infrastructure.
The initial report also indicated that the breach could have exposed sensitive data, potentially enabling cybercriminals to carry out sophisticated frauds.
A listing on the dark web was identified, advertising a data leak of 3.2 million IMSI (International Mobile Subscriber Identity) and IMEI (International Mobile Equipment Identity) records, allegedly belonging to mobile subscribers in Pakistan.
On the other hand, the telecom regulator disputed the ministry’s claim that the data leaks originated from some telecom company or fixed-line internet service provider (ISP).
The PTA referenced its recent cybersecurity audit, completed around two weeks ago, asserting that no breaches were found within its licensed sector. It highlighted that Telenor Pakistan ranked first among mobile operators, while Nayatel led fixed-line operators in terms of cybersecurity.
Telecom Operators Association (TOA) Vice Chairman Wahaj Siraj, while responding to queries, told Dawn that combating cybercrime was an ongoing challenge, and hackers could potentially strike any company or sector, though he affirmed that Pakistan’s telecom and internet infrastructure were secure.
He said the PTA conducted annual cybersecurity audits of all its licensed entities through third-party consultants, but authorities should also ensure similar audits are performed across all relevant sectors.
Published in Dawn, September 10th, 2025