Stolen data from 'almost all' Pakistan banks goes on sale on dark web

Hackers stole more than $2.6 million in an audacious ATM cash out using stolen credit and debit card details

Anthony Cuthbertson
Monday 12 November 2018 17:04 GMT
Hackers dumped Pakistani credit and debit card details on dark web forums
Hackers dumped Pakistani credit and debit card details on dark web forums (Getty Images/iStockphoto)

Support truly
independent journalism

Our mission is to deliver unbiased, fact-based reporting that holds power to account and exposes the truth.

Whether $5 or $50, every contribution counts.

Support us to deliver journalism without an agenda.

Louise Thomas

Louise Thomas


Hackers sole customer data from "almost all major Pakistani banks" and placed it on the dark web, the country's cyber-crime chief has revealed.

The comments from Mohammad Shoaib, director of Pakistan's Federal Investigation Agency (FIA), follow a report from cyber security firm Group-IB that private bank data had been compromised. Group-IB discovered the details for sale in forums on the dark web – a section of the internet only accessible using specialist software.

"Almost all [Pakistani] banks' data has been breached. According to the reports that we have, most of the banks have been affected," Mr Shoaib told Geo News.

"More than 100 cases [of cyber attacks] have been registered with the FIA and are under investigation. We have made several arrests in the case, including that of an international gang."

More than 20,000 users have been affected by the security breach, according to the FIA, with credit and debit card details from potentially 22 Pakistani banks among the data compromised.

Cyber criminals have already cashed out $2.6 million from foreign ATMs, according to the Group-IB report, mirroring a similar attack earlier this year during which hackers syphoned more than 940 million rupees (£10.5 million) from ATMs around the world.

"An interesting fact is that cards from this region are very rare on the [dark web] cardshops," the Group-IB report stated. "In the past six months it is the only one big sale of Pakistan cards."

In a separate interview with Dawn News TV, Mr Shoaib said it was the responsibility of the banks to protect their customers' data.

"The hackers have stolen large amounts of money from people's accounts," he said.

"The recent attack on banks has made it quite clear that there is a need for improvement in the security system of our banks."

The State Bank of Pakistan instructed banks to increase vigilance but denied that it had been the victim of a cyber attack. It also revealed that at least six banks in the country have already suspended the use of its debit cards internationally.

"It has come to our notice that few banks have even withdrawn the facility of cards being used outside Pakistan," Abid Qamar, chief spokesperson for the State Bank of Pakistan, told the Daily Jang.

"Some are [however] allowing this facility upon instructions of their customers only."

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies


Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in