The Pakistani government has launched an urgent investigation following reports of a massive data leak involving SIM holders’ personal information, including that of Interior Minister Mohsin Naqvi. The leaked SIM data, reportedly being sold openly online, has sparked national concern over digital security and privacy.
The Ministry of Interior confirmed in an official press release that Minister Naqvi had taken immediate notice of the situation and ordered the formation of a special investigation team. The National Cyber Crimes Investigation Agency, acting on the minister’s directives, has constituted this team with a strict deadline to complete its probe and submit findings within 14 days.
The team will thoroughly examine the circumstances, and those involved in the data leakage will be identified and brought to justice through legal action,” the press release stated.
SIM Data Being Sold Online for Pennies
According to media reports, the breach involves the sale of sensitive SIM data on Google platforms. It is claimed that the mobile location of individuals is being sold for Rs 500, mobile data records for Rs 2,000, and even details of foreign trips for Rs 5,000. Disturbingly, these illicit transactions include data related to government officials and private citizens alike, reported Pakistani English-language newspaper Dawn.
This news comes just months after the Pakistan National Cyber Emergency Response Team (PKCERT) issued a dire warning about a global data breach that affected more than 180 million Pakistani internet users. PKCERT identified a publicly accessible, unencrypted database containing over 184 million unique account credentials, including usernames, emails, and passwords.
The data, linked to social media services, banking institutions, healthcare platforms, and government portals, had been stolen using infostealer malware. This malicious software extracts sensitive data from infected systems. The stolen information was stored without any encryption or password protection, making it easily exploitable.
“The leaked database is believed to have been compiled using infostealer malware… This data was stored in plain text and left completely unprotected,” the advisory noted.
PKCERT, the federal agency responsible for protecting Pakistan’s digital assets and critical infrastructure, warned that the breach could lead to:
- Credential stuffing attacks
- Identity theft
- Unauthorized access to sensitive accounts
- Targeted phishing and social engineering
- Malware deployment using stolen credentials
The advisory urged citizens, especially SIM holders, to change their passwords regularly and use credible online tools to check for data breaches.
Previous Breaches Raise Questions About Data Security
This is not the first high-profile breach of sensitive Pakistani data. In March 2024, a Joint Investigation Team (JIT) reported to the Interior Ministry that the credentials of 2.7 million people were compromised between 2019 and 2023 in a separate incident involving the National Database and Registration Authority (NADRA).
The overlapping timelines and repeated breaches have raised serious questions about the effectiveness of digital security protocols in Pakistan. With the increasing digital footprint of citizens, including the widespread use of mobile phones and SIM cards, the protection of SIM data and related personal information is more important than ever.
As the investigation ordered by Interior Minister Naqvi unfolds, public attention will remain focused on both the Interior Ministry and PKCERT to ensure accountability, transparency, and most importantly, stronger data protection mechanisms for Pakistan’s millions of SIM holders.
