Data theft: Nadra initiates action, suspends 8 officers

• Three officials from senior management also charged.
• Over a dozen officials also likely to be penalised.
• Nadra spox declines to share names citing data privacy.

ISLAMABAD: The National Database and Registration Authority (Nadra) has initiated disciplinary action against several of its officers with eight already suspended and charged, while over a dozen now likely to be penalised, The News reported on Thursday.

According to the publication, action has begun against Nadra staffers including three officials from the government body's senior management — director general (DG) technical, DG network Karachi — and others.

The development regarding the disciplinary action was confirmed by a Nadra spokesperson, who said that the move was made following the recommendations of a joint investigation team.

The official, however, did not reveal the names of the individuals against whom the action is being taken due to data privacy and ongoing court proceedings.

Data breach unearthed

Earlier this week on Tuesday, Geo News reported a serious breach of data, with personal information of at least 2.7 million Pakistanis stolen from the Nadra's database. The development was also confirmed by a joint investigation team.

The JIT unearthed the scandal in its report submitted to the Ministry of Interior, stating that the data theft took place between 2019 and 2023.

Federal Investigation Agency's (FIA) official Syed Waqaruddin headed the JIT, which comprised representatives of sensitive agencies and Nadra’s nominees.

According to the sources, the body completed investigations into the enormous scandal of an alleged breach of Nadra’s database and the officials concerned at the ministry were reviewing the contents of the report compiled by the panel.

The JIT report, the sources said, has identified that the data theft took place from the Multan, Karachi, and Peshawar offices of Nadra.

It also recommended action against the relevant senior officials of the authority whose negligence led to this massive data theft.

The stolen data was allegedly moved from Multan to Peshawar before it finally reached Dubai, the sources said.

The JIT report has said there is proof that the stolen Nadra data was apparently later sold in Argentina and Romania.

The government formed the JIT after a cyber security incident that took place in March 2023.