According to a report from Geo News, the personal data of 2.2 million Pakistani citizens has been compromised and put up for sale online. This breach occurred when hackers gained unauthorised access to a private company-made database that is utilised by hundreds of restaurants.
The hackers have even gone so far as to display some citizens’ data as samples in their online sale advertisement. In their claim, the hackers asserted, “We have hacked the databases of over 250 restaurants,” and they listed numerous food outlets.
The compromised citizen data includes contact numbers and credit card details. The affected software is widely used by many restaurants across the country. Furthermore, details such as the number of transactions and the amounts paid by citizens are available for purchase online.
The hackers are demanding 2 Bitcoins in exchange for the compromised citizen data, which equates to approximately $54,000, considering that one Bitcoin is valued at $27,000 based on market sources. In Pakistani rupees, this amounts to over Rs15 million.
As of now, the Federal Investigation Agency’s (FBR) cybercrime circle has not received any complaints regarding this incident.
It is worth noting that the federal government recently issued a directive advising all information technology (IT) and financial institutions, including regulators, to avoid collaborating with, installing, or using Indian-origin artificial intelligence (AI) and information and communication technology (ICT) products.
This advisory was issued due to concerns that these products could pose a constant, concealed, and force multiplier threat to Pakistan’s critical information infrastructure (CII).
The government shared this cybersecurity advisory with federal and provincial ministries and sectoral regulators. The advisory highlighted that globally, AI products and services are widely employed by various industries, including the financial and banking sectors, to accelerate their growth.
The document also noted that the fintech sector in Pakistan, along with some banks, was engaged with Indian-origin companies that offered IT products, cybersecurity solutions, and AI solutions.
The use of Indian security products and solutions was considered a potential threat to Pakistan’s CII, particularly the banking sector, due to the possibility of backdoors or malware collecting logs, data traffic analysis, and personal identifiable information (PII).
Additionally, it pointed out the risk of direct Indian ingress into Pakistan’s CII through technical means and access control with passive monitoring capability.