A threat actor has allegedly leaked a massive database containing the sensitive personal information of 602 million Pakistani citizens. The targeted entity is believed to be Pakistan’s National Database & Registration Authority (NADRA), the government organization responsible for issuing national identity cards and maintaining the country’s citizen data registry. The authority holds the foundational data for all Pakistani nationals, making it a critical piece of national infrastructure. A breach of this magnitude could represent one of the most significant government data leaks in history, exposing nearly the entire population to potential identity theft, fraud, and other malicious activities.
The data was allegedly posted on a dark web forum by a group calling itself ‘Shell Squad’. The actors claim the leak is the “biggest SIM-linked data breach in Pakistan’s history” and have made the entire 900GB+ database available for free on a Telegram channel, with sample links posted on the forum. The compromise allegedly includes highly sensitive and personally identifiable information, tying national ID numbers to mobile phone records. The repercussions of such a leak are severe, potentially enabling widespread social engineering attacks, financial fraud, and targeted surveillance by malicious actors.
The exposed data fields allegedly include:
- Full Name
- Phone Number
- Address
- CNIC Number (Computerized National Identity Card)
- Date of Birth
- Marital Status
- ID Type (CNIC or NICOP)
- Registration and update timestamps
