Pakistan Launches Investigation After Massive SIM Data Leak Affecting Millions

The Pakistani government has launched an urgent investigation following reports of a massive leak of personal information belonging to SIM card holders — including Interior Minister Mohsin Naqvi. Reports suggest that the leaked SIM data is being openly sold online, sparking widespread national concern over digital security and privacy.

In an official statement, the Ministry of Interior confirmed that Minister Naqvi immediately took notice of the incident and ordered the formation of a special investigative team. Acting on the minister’s directives, the National Cyber Crime Investigation Agency has formed a special task force with a strict 14-day deadline to complete its investigation and submit a report.

According to the statement, “The team will thoroughly investigate the situation, identify those involved in the data breach, and hold them accountable through legal action.”

SIM Data Sold Online at Low Prices

Reports indicate that highly sensitive SIM data has been put up for sale on Google’s platform. According to the English-language daily Dawn, individual mobile location data is allegedly being sold for 500 Pakistani rupees (approx. $1.80), communication records for 2,000 rupees (approx. $7.30), and details of international travel for 5,000 rupees (approx. $18). The illegally traded data reportedly includes information belonging to both government officials and private citizens.

The news comes just months after the Pakistan National Computer Emergency Response Team (PKCERT) issued a serious warning about a global data breach that affected more than 180 million Pakistani internet users. PKCERT confirmed that over 184 million user accounts — including usernames, email addresses, and passwords — had been found in an unencrypted public database.

These datasets were linked to social media, banking, healthcare platforms, and government portals. The stolen information was obtained through malware known as “infostealers,” which extract confidential data from infected systems. The stolen records were stored without encryption or password protection, leaving them completely exposed and vulnerable to exploitation.

According to PKCERT’s advisory, “The leaked databases appear to have been collected by infostealer malware… The data was stored in plaintext and left entirely unprotected.”

PKCERT — the federal agency responsible for protecting Pakistan’s digital assets and critical infrastructure — warned that the breach could lead to several risks, including:

  • Credential-based unauthorized login attacks
  • Identity theft
  • Unauthorized access to sensitive accounts
  • Targeted phishing and social engineering
  • Malware attacks using stolen credentials

The advisory specifically urged SIM holders to regularly change their passwords and use trusted online tools to check whether their data has been compromised.

Previous Data Breaches Raise Questions About Data Protection

This is not the first large-scale data breach to occur in Pakistan. In March 2024, a Joint Investigation Team (JIT) reported to the Ministry of Interior that in a separate case involving the National Database and Registration Authority (NADRA), credentials of 2.7 million individuals had been leaked between 2019 and 2023.

The recurrence and overlapping nature of such incidents have raised serious concerns about the effectiveness of Pakistan’s digital security framework. As citizens’ digital footprints expand and the use of mobile phones and SIM cards becomes ubiquitous, the protection of SIM data and related personal information has become more critical than ever.

As the investigation ordered by Interior Minister Naqvi proceeds, public attention remains focused on how the Ministry of Interior and PKCERT handle the situation. What citizens demand most now is accountability, transparency, and, above all, the establishment of a stronger data protection framework to safeguard millions of SIM card holders.