Pakistan Telecommunication Authority (PTA) has rejected claims that subscriber data was leaked from telecom companies, clarifying that it neither gathers nor oversees such information. The authority stated that subscriber records are retained by licensed telecom operators.
The statement was issued after media reports started circulating with allegations that personal information of SIM operators was available for purchase online. The reported datasets included familial information, travel histories, vehicle registrations, and digitized national identity cards. Location data was reportedly being sold for Rs500, while call and data records were priced at Rs2,000, and travel details at Rs5,000.
In its announcement, PTA mentioned that an initial investigation indicated that the exposed information seemed to have been compiled from various external sources rather than originating from telecom providers. It also noted that audits conducted within the licensed telecom industry revealed no security breaches.
The regulator added that, as part of its extensive effort to combat unlawful online content, it had blocked 1,372 websites, applications, and social media accounts associated with the sale or distribution of personal information.
The Ministry of Interior has established an inquiry committee to look into the leak’s origin and suggest additional measures. The committee is presently investigating how the data was gathered and made accessible online.
Concerns regarding extensive data breaches are not new. Earlier this year, the National Cyber Emergency Response Team of Pakistan (PKCERT) alerted that the login information and passwords of over 180 million Pakistani internet users had been exposed in a worldwide breach. PKCERT reported that the compromised file contained more than 184 million unique account details in an unencrypted format and advised users to implement protective actions.
In March 2024, a joint investigation team looking into another incident found that data from the National Database and Registration Authority (NADRA) had been compromised. This breach reportedly affected the records of 2.7 million individuals between 2019 and 2023.
The latest reports of subscriber data being sold online have once again raised concerns about the management of personal information in Pakistan, prompting multiple agencies to engage in tracking the leaks’ sources.