The data breach has left 2.2 million Pakistani citizens vulnerable. Local software, widely utilized by numerous restaurants, became the gateway for hackers who extracted and put data for sale in the digital marketplace.
According to reports, the hackers flaunted snippets of the compromised data to lure potential buyers. They publicly boasted, “We have infiltrated the databases of over 250 restaurants,“ and even listed several restaurant names.
The Scope and Depth of the Breach
The depth of the breach is deeply concerning. Exposed details encompass a range of sensitive information from contact numbers to credit card credentials. Even more alarmingly, the software’s extensive reach across numerous restaurants means this data breach spans transactions, revealing both frequency and amount paid by citizens.
Financially speaking, the hackers’ price for this invaluable data is 2 Bitcoins. Given the current valuation of Bitcoin, this translates to approximately $54,000 or over 15 million in local currency.
Despite the gravity of the situation, the Federal Investigation Agency’s (FBR) cybercrime division has reported no formal complaints lodged on the matter yet.
In light of the increasing threats in the digital domain, the federal government recently issued a stern advisory to all IT and financial establishments. They have been unequivocally advised against any form of collaboration or utilization of AI or ICT products from India, citing potential concealed threats to Pakistan’s critical information infrastructure (CII).
A cybersecurity advisory explicitly highlighted the potential risks associated with Indian tech products and services. This advisory emphasized that various sectors in Pakistan, especially fintech, are inclined to partner with Indian companies for IT solutions, cybersecurity, and AI technologies.
Two primary concerns underscored were the potential inclusion of “backdoors or malware” that could harvest logs, traffic data, and personally identifiable information (PII) and the alarming possibility of “direct Indian access to Pakistan’s CII”, potentially allowing covert surveillance.