Pakistani Citizens’ Data at “Severe Risk” as Cyber Breaches Surge: National CERT Issues Warning

The National Cyber Emergency Response Team (National CERT) of Pakistan has issued a high-priority cybersecurity advisory, warning that citizens’ personal data is at severe risk amid a growing wave of cyberattacks, identity theft, and privacy breaches.

The advisory applies to all organizations and institutions—public or private—that collect, store, process, or transfer Personally Identifiable Information (PII) of Pakistani citizens. This includes data handled across on-premises, cloud, and hybrid systems.

Rising Cybersecurity Threats in Pakistan

According to the National CERT, the spike in data breaches is linked to:

• Weak internal security controls

• Outdated IT infrastructure

• Unencrypted data transfers

• Use of malicious mobile applications

• Poor cyber hygiene practices

These vulnerabilities expose sensitive details like CNIC numbers, bank accounts, and health records, increasing risks of financial fraud, reputational damage, and exploitation by cybercriminals.

The advisory further reminds stakeholders that under the National Cyber Security Policy 2021, protection of citizen data is a matter of national security and public trust.

Mandatory Security Measures for Organizations

Organizations handling citizen data have been urged to take immediate action, including:

• Classifying data by sensitivity levels

• Enforcing strict access controls

• Encrypting personal information in storage and transit

• Regularly updating software and IT systems

• Implementing secure development practices

• Retaining data only as required by law

• Establishing clear breach response protocols

• Auditing third-party vendors handling PII

For the long term, entities are advised to adopt zero-trust security principles, ensure disaster recovery readiness, and build a cyber-aware workforce through continuous training and testing.

Data Protection Advice for Citizens

The advisory also calls on Pakistani citizens to actively protect their personal data. Recommendations include:

• Sharing CNICs and official documents only when absolutely necessary

• Clearly labeling copies (e.g., “For SIM registration only”)

• Using strong, unique passwords and enabling multi-factor authentication (MFA)

• Avoiding unnecessary sharing of personal details on social media

• Downloading apps only from official and verified sources

National CERT’s Final Call

The National CERT stressed that proactive cybersecurity is no longer optional—it is essential for safeguarding both individuals and national digital infrastructure.

It urged all organizations and individuals to take decisive measures to protect sensitive data, maintain public trust, and strengthen Pakistan’s defense against rising cyber threats.