Pakistan’s National Database & Registration Authority (NADRA’s) security is under scrutiny as the Senate Standing Committee on IT and Telecom raised concerns over citizen data leaks, including information from the ongoing Islamabad household survey. Officials reported that 63,000 of 90,000 households in Islamabad’s urban sectors have been surveyed, but senators questioned whether this data is truly safe, noting reports of Pakistani data appearing on the dark web for as little as Rs 500.
Senator Afnan Ullah warned that compromised national IDs could have severe consequences and criticized past measures like dismissing officers involved in leaks, saying public trust is already damaged. He also revealed that the government faces external pressure not to pass a Data Protection Law, leaving citizens vulnerable to a billion-rupee black market for stolen data.
The Pakistan Telecommunication Authority (PTA) chairman, Major General (retd) Hafeezur Rehman, confirmed that sensitive information, including around 300,000 Hajj applicants’ records, has been leaked, prompting calls for a high-level investigation. Senators emphasized the need for a third-party audit to verify Nadra’s data security and ensure public confidence.
NADRA officials admitted they were not fully prepared to present detailed briefings on safeguards, while the Deputy Commissioner Islamabad clarified that the administration is responsible for collecting the data, but security accountability lies with Nadra. The Chairman of Pakistan Digital Authority added that robust data governance frameworks are being implemented, though senators insisted that independent oversight is essential.
The committee also discussed broader cybersecurity risks, including massive SIM holder leaks and repeated database breaches, warning that the dark web is increasingly exploited for Pakistani citizen data. The Senate directed Nadra to provide a comprehensive briefing on data protection measures at the next session, highlighting continued legislative oversight on citizen privacy and national data security.
Experts have expressed serious concerns after it was confirmed that the personal data of nearly 300,000 Pakistani Hajj applicants- including names, SIM details, and other sensitive information has surfaced on the dark web. This data is reportedly being traded on hidden online markets, exposing major gaps in the country’s cybersecurity. PTA officials also reported that the leak was first detected in 2022 and is now under investigation by the Interior Ministry, highlighting the ongoing risk of large-scale data breaches in Pakistan.