ISLAMABAD: After blocking 1,372 websites, apps and social media pages trading personal information, the Pakistan Telecommunication Authority said in a September 9 post on X that it does not hold subscribers’ data.
“Subscribers’ data remains solely with licensed telecom operators,” the PTA said in a statement.
It added that “an initial review indicated the leaked datasets contained family details, travel records, vehicle registrations, and CNIC copies, suggesting that the data was aggregated from multiple external sources, rather than telecom operators.”
NCCIA conducts probe
The clarification followed media reports about alleged data leaks and came as the Ministry of Interior, the National Cyber Crimes Investigation Agency and a Joint Task Force on Unauthorised Data Access and Pilferage expanded inquiries, directing the National Technology and Information Security Board to audit telecom operators under the Prevention of Electronic Crimes Act 2016.
The initial probe by the National Cyber Crimes Investigation Agency suggested the alleged breach could have exposed sensitive records that might enable sophisticated fraud.
Officials noted a dark web listing that advertised 3.2 million International Mobile Subscriber Identity (IMSI) and International Mobile Equipment Identity (IMEI) records allegedly linked to users in Pakistan, the newspaper Dawn reported.
The statement came after Amnesty International claimed in a report released Tuesday that Pakistan operates extensive surveillance systems capable of monitoring millions of mobile phones and filtering internet traffic, Reuters reported.
The rights watchdog said the network, which it linked to both Chinese and Western suppliers, can tap at least 4 million phones and block up to 2 million internet sessions at once. The report drew on court documents and technical files, noting that Pakistani authorities have denied in court having the capacity for such phone tapping.
No breaches found within licensed entities
The telecom regulator rejected suggestions that the data originated from mobile companies or fixed-line internet providers and referred to a recent sector-wide cybersecurity audit completed about two weeks ago, saying no breaches were found within licensed entities.
“Telenor Pakistan ranked first among mobile operators, while Nayatel led fixed-line operators in terms of cybersecurity,” the Pakistan Telecommunication Authority said, citing its recent audit.
The authority added that it conducts annual cybersecurity audits of all licensees through third-party consultants and continues enforcement against platforms trading in personal data.
Telecom Operators Association Vice Chairman Wahaj Siraj said defending against hackers is a constant challenge. “Combating cybercrime is an ongoing challenge, and hackers could potentially strike any company or sector, though Pakistan’s telecom and internet infrastructure are secure,” he said.
Siraj added that while PTA conducts annual cybersecurity audits through third-party consultants, “authorities should also ensure similar audits are performed across all relevant sectors.”
Authorities said the investigation is continuing to assess the scale of any exposure and potential risks to citizens’ digital security.