Cybersecurity breaches are far too common around the world. In a recent incident, a hacker has leaked the personal data of 42,064 people from Karachi through a retail website. This data includes full names, phone numbers, residential addresses, invoice details, and more.
This personal data is currently up for sale on a forum on the deep web. The information was reported on Twitter by Intelligence Analyst Zaki Khalid. The hacker has accompanied his sale offer with a screenshot showing a sample of the leaked personal data.
The sample shows an internal copy of a company’s invoice details for a customer. Naturally, it also shows the customer’s name, residential address, email address, phone number, and more. We have censored personal data from the image to maintain privacy.
According to Khalid’s report, it is unclear which segment of users was targeted in this data breach. The sample data shows the information on a single customer from DHA Phase 2, but it is quite possible that retailers were targeted just as much as the customers. The analyst says that other targeted users are also based in ‘posh’ areas of Karachi.
The leaked information is largely useless, but it shows that personal data breaches are a cause for concern.
As mentioned earlier, data breaches are becoming far too common in Pakistan. Last month, the Securities and Exchange Commission of Pakistan (SECP) had some of its sensitive data leaked, which resulted in a tug of war between the chairman and the relevant commissioner. The leaked data included private information on company CEOs including identity card numbers, email addresses, residential addresses, and more.
What’s most concerning is that the breach remained undiscovered by the head of information security, Mubashir Sadozai. It was only identified when ProPakistani alerted the regulator by sending inquiries on July 27.