–Report says PITB data leak exposed sensitive data of thousands of individuals including CNICs and scanned copies of personal documents
An investigative report on Monday claimed to have unveiled a major data leak scandal in the country where information collected by the Punjab Information Technology Board (PITB) was publicly sold on social media platforms.
Data of National Database and Registration Authority (NADRA), police, telecom companies and other government-run and private companies got leaked online due to bugs in the software and sold multiple times by hackers, TechJuice said.
According to the report, sensitive data of users – including their names, contact information, CNICs, SMS and call records, NADRA family tree data, criminal records, hotel visitor information, SMS spoofing services, offline databases of registered mobile users and more – has been compromised by various entities and sold at different places, including Facebook groups.
The report claimed that when PITB gained access to NADRA’s server, it was allowed to digitize the data of citizens by linking CNIC numbers to various public departments. “This data could only be accessed through authorized users, however, it is now being alleged that these officials shared their credentials which were used for extraction and trading of sensitive information of Pakistani citizens. sample unprotected API called data from the PITB apps developed and hosted in PITB data center. The call makes it evident that no security authentication was put in place,” the report said.
Responding on the matter, PITB Chairman Umar Saif announced that the government would take legal action against the data thieves. “Punjab Government will be taking legal action for whoever is responsible for making and propagating false, unfounded and malicious content against government IT systems on WhatsApp, Facebook and Twitter,” he tweeted.