PTA Rejects Claims of Data Breach in Telecom Sector
Islamabad: The Pakistan Telecommunication Authority (PTA) has denied reports suggesting that telecom subscribers’ personal data was compromised, clarifying that the regulator does not hold or manage such information.
According to PTA, all subscriber data is maintained by licensed telecom operators. An initial review of the alleged leak showed details such as family information, travel history, vehicle registrations, and CNIC copies — indicating that the data may have been compiled from multiple external sources rather than directly from telecom systems.
Background of the Inquiry
The clarification follows a report by the National Cyber Crimes Investigation Agency (NCCIA). The matter recently gained attention after the interior ministry formed an inquiry committee and directed the NCCIA to establish a special investigation team.
Officials confirmed that the Joint Task Force (JTF) on Unauthorised Data Access and Pilferage has asked the National Technology and Information Security Board (NTISB) to conduct an audit of telecom operators. Under the Prevention of Electronic Crimes Act 2016, PTA licensees are considered part of Pakistan’s critical information infrastructure.
Dark Web Listing
Concerns grew after a listing on the dark web was found advertising a database of 3.2 million IMSI (International Mobile Subscriber Identity) and IMEI (International Mobile Equipment Identity) records, allegedly linked to Pakistani mobile users.
The PTA, however, rejected suggestions that the data originated from telecom operators or internet service providers (ISPs).
Cybersecurity Audit Results
The regulator pointed to its recent cybersecurity audit, completed about two weeks ago, which found no breaches within licensed operators. In the audit:
-
Telenor Pakistan ranked first among mobile operators
-
Nayatel led fixed-line operators in terms of cybersecurity measures
Industry Response
Telecom Operators Association (TOA) Vice Chairman Wahaj Siraj said that while cybercrime remains an evolving challenge worldwide, Pakistan’s telecom and internet infrastructure is secure and regularly monitored.
He added that PTA conducts annual third-party cybersecurity audits of licensed entities and suggested that similar audits should be extended to other sectors handling sensitive citizen data.
