Is Pakistan Ready for a Data Breach?

By Khurram Zia Khan

In a major cyber-attack on a Pakistani bank a few weeks ago, hackers made off with at least Rs. 2.6 million through debit cards issued by BankIslami. Today, we are hearing that Data of ‘Almost All Pakistani Banks’ was hacked. Although the State Bank of Pakistan has denied this news and confirmed that only a single incident of BankIslami took place, rumors are saying that bank accounts of all banks were at risk due to a threatening message sent to the consumers of financial institutions.

A month ago, Facebook made headlines over yet another security breach affecting nearly 50 million accounts, making users fear for the safety of their personal information. Twitter also faced a similar situation and they asked their users to immediately change their passwords to protect their account.


Globally, there are many servers which people use to communicate and to store information about their country or organizations. Unfortunately, these servers are also struggling to maintain their security and many security breaches were reported in the last few years.

Now, due to massive leaks, countries have started tightening security regulations to protect data.

Data that countries and organizations are storing on various servers contain highly sensitive information which, if leaked or accessed, can cause a major problem for the country.

Europe is aware of this problem, being the first to take corrective measures. Through the recently implemented EU General Data Protection Regulation, they Union made it mandatory for companies such as Google and Microsoft not to store data of Europeans outside of Europe.

Many countries are enacting stringent data privacy laws to protect their citizens’ data and in favor of national security interests but unfortunately Pakistan is not taking any steps to protect the country’s high profile data or the information about its citizens.

Many government organizations do not have their own email server and their employees are using Gmail, Hotmail, Yahoo and other mail servers to send and receive emails putting at risk their own information and the information about their organizations.

Pakistan should wake up to the reality that this is a hi-tech world and to keep up with the fast changing global dynamics, it will have to act swiftly or else we will be left behind.

State bank of Pakistan is the first entity that should be aware of this threat. Regulations of the SBP prohibit partner banks to use international servers but unfortunately many banks and DFIs are violating SBP’s regulations and are using platforms like Microsoft Teams, Facebook for Workplace, Slack etc that store their data outside Pakistan. Data storage on external servers is a big threat as evident from the incident with BankIslami. Immediately after this incident, many banks suspended the usage of their debit cards overseas but this is not enough to protect consumers.

It sends shivers down my spine that some of the country’s most sensitive organizations also use highly insecure platforms for communications that store data outside Pakistan.

A new government recently took oath in Pakistan chanting a slogan of change. From the looks of things, due to various reasons, the promised change is not coming. But, I suggest that the government should bring rapid advancements in the country’s information technology and telecom systems, and take all necessary actions to protect Pakistan’s cyberspace from being breached by outside forces.

There was a time when wars were fought with swords and shields. These days, modern hi-tech war equipment is an instrumental part of a country’s war strategy. In case of any untoward incident or aggression by outsiders, we don’t want to be in a situation where Pakistan is unable to use its strategic defense systems due to data breaches or leaked security code.

As the government wants to provide 10 million jobs and wants to take people out of poverty, I suggest that they focus on the IT sector. Our people, irrespective of their gender, have done wonders in this field and if the government works with experts in this field, not only would we open new avenues towards progress, Pakistan will prosper and we will also become reliant on our own servers and communication channels, making our country truly unassailable.

The author is a blogger and a communications professional. He can be reached at [email protected].

  • Earlier governments never really paid attention to the Cyber Security. They Cyber “Law” was just a joke to control the people who would go against them. This new Government, however, definitely sees the future. Yesterday’s Fawad Ch’s statement is a good indication of the plans the Government has. If only they can be proactive, instead of being reactive.

  • >