Stolen data from 'almost all' Pakistan banks goes on sale on dark web

Hackers stole more than $2.6 million in an audacious ATM cash out using stolen credit and debit card details

Anthony Cuthbertson
Monday 12 November 2018 17:04
Hackers dumped Pakistani credit and debit card details on dark web forums
Hackers dumped Pakistani credit and debit card details on dark web forums

Hackers sole customer data from "almost all major Pakistani banks" and placed it on the dark web, the country's cyber-crime chief has revealed.

The comments from Mohammad Shoaib, director of Pakistan's Federal Investigation Agency (FIA), follow a report from cyber security firm Group-IB that private bank data had been compromised. Group-IB discovered the details for sale in forums on the dark web – a section of the internet only accessible using specialist software.

"Almost all [Pakistani] banks' data has been breached. According to the reports that we have, most of the banks have been affected," Mr Shoaib told Geo News.

"More than 100 cases [of cyber attacks] have been registered with the FIA and are under investigation. We have made several arrests in the case, including that of an international gang."

More than 20,000 users have been affected by the security breach, according to the FIA, with credit and debit card details from potentially 22 Pakistani banks among the data compromised.

Cyber criminals have already cashed out $2.6 million from foreign ATMs, according to the Group-IB report, mirroring a similar attack earlier this year during which hackers syphoned more than 940 million rupees (£10.5 million) from ATMs around the world.

"An interesting fact is that cards from this region are very rare on the [dark web] cardshops," the Group-IB report stated. "In the past six months it is the only one big sale of Pakistan cards."

In a separate interview with Dawn News TV, Mr Shoaib said it was the responsibility of the banks to protect their customers' data.

"The hackers have stolen large amounts of money from people's accounts," he said.

"The recent attack on banks has made it quite clear that there is a need for improvement in the security system of our banks."

The State Bank of Pakistan instructed banks to increase vigilance but denied that it had been the victim of a cyber attack. It also revealed that at least six banks in the country have already suspended the use of its debit cards internationally.

"It has come to our notice that few banks have even withdrawn the facility of cards being used outside Pakistan," Abid Qamar, chief spokesperson for the State Bank of Pakistan, told the Daily Jang.

"Some are [however] allowing this facility upon instructions of their customers only."

Register for free to continue reading

Registration is a free and easy way to support our truly independent journalism

By registering, you will also enjoy limited access to Premium articles, exclusive newsletters, commenting, and virtual events with our leading journalists

Already have an account? sign in

By clicking ‘Register’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Join our new commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies


Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in