ISLAMABAD: Interior Minister Mohsin Naqvi has taken immediate notice of the news regarding leakage of mobile phone SIMs data and formed a special team to investigate the matter within two weeks.
“Following the interior minister’s directives, the National Cyber Crimes Investigation Agency has constituted a special investigation team to probe into the matter and submit its report within 14 days,” says an official press release issued by the Interior Ministry here on Sunday.
It said the team will thoroughly examine the circumstances and those involved in the data leakage will be identified and brought to justice through legal action.
Media reports say that data of all SIM holders, including Interior Minister Naqvi, was sold at Google.
They further said that information regarding mobile location was being sold for Rs500, mobile data record for Rs2,000 and details of foreign trips for Rs5,000.
A couple of months ago, the National Cyber Emergency Response Team of Pakistan (PKCERT) issued an advisory warning that the login credentials and passwords of more than 180 million internet users in Pakistan have been stolen in a global data breach, urging people to take immediate protective measures. Media reports said PKCERT had identified the global breach involving a publicly accessible, unencrypted file containing more than 184 million unique account credentials.
“The breach exposed user names, passwords, emails and associated URLs tied to major social media services, as well as government portals, banking institutions, and healthcare platforms worldwide,” the reports said quoting the PKCERT’s advisory.
“The leaked database is believed to have been compiled using infostealer malware — malicious software that extracts sensitive information from compromised systems,” it added. “This data was stored in plain text and left completely unprotected, without encryption or password safeguarding.”
PKCERT is a federal government entity responsible for protecting Pakistan’s digital assets, sensitive information, and critical infrastructure from cyberattacks, cyberterrorism, and cyber espionage.
It outlined the potential impacts of the data breach, warning that the stolen credentials could be used for account takeovers, identity theft and unauthorised access to government portals or other sensitive sites.
The advisory highlighted that the publicly hosted database was storing credentials stolen from “infected endpoints” without any form of authentication or protection and “included sensitive login information for major platforms, enterprises, government agencies, and financial institutions”.
“Attackers may exploit this breach through credential stuffing across services with reused passwords; phishing attacks using associated emails and historical data; targeted social engineering leveraging exposed personal content; unauthorised access to business and government accounts; and malware deployment using credentials,” the advisory warned.
The advisory also recommended that people change their passwords annually and use a credible online service to find out about potential breaches.
In March 2024, a Joint Investigation Team (JIT) formed to probe a data leak from the National Database and Registration Authority (Nadra), told the interior ministry that the credentials of as many as 2.7 million people had been compromised between 2019 and 2023.
Published in Dawn, September 8th, 2025