ISLAMABAD: Pakistan Muslim League-Nawaz (PML-N) Senator Afnanullah Khan on Tuesday claimed that sensitive data belonging to Pakistani citizens, including records from the National Database and Registration Authority (NADRA), the Federal Board of Revenue (FBR), and banks, is being sold on the dark web.
The senator made the startling disclosure during a meeting of the Senate Standing Committee on Interior, alleging that personal data of any Pakistani citizen can be purchased online for as little as Rs500.
“Data theft at this scale is not possible without internal involvement,” Afnanullah said, pointing to serious gaps in data protection mechanisms.
During the meeting, it was revealed that a fraudster travelled to India in 2023 using a fake passport created under the identity of a consultant working at the Attorney General’s Office. The affected lawyer, who attended the session, told lawmakers that the impersonator used his credentials to obtain travel documents, forcing him later to take his parents to NADRA to re-establish his citizenship.
Responding to concerns, the Director General of Immigration and Passports stated that NADRA had shared multiple cases involving forged identities. He added that a centralized digital dashboard has now been introduced to prevent fraudulent travel and identity misuse.
Addressing questions about how sensitive data was compromised, the DG suggested that leaks often occur when individuals share passport and CNIC details via WhatsApp or other unsecured platforms.
“This case occurred in 2023. Since then, NADRA and passport offices have introduced new safeguards,” he said, assuring lawmakers that issuing fake passports is no longer possible under the revamped system.
Minister of State for Interior Talal Chaudhry told the committee that the government is in the process of establishing a dedicated cyber security authority. He added that Senator Afnanullah would be briefed separately on NADRA’s data protection measures.
This is not the first instance of data leaks involving Pakistani citizens. In September 2025, Pakistan Telecommunication Authority (PTA) Chairman Major General (retd) Hafeez Ur Rehman revealed that personal data of nearly 300,000 Hajj applicants had surfaced on the dark web. He had urged a comprehensive investigation to identify the source of repeated breaches.