The National Database and Registration Authority (NADRA) has responded to social media posts that were claiming that its systems were breached and that citizens’ data, including CNIC numbers, photographs, and biometric information, is being sold on the dark web on Thursday.
Is citizens’ data from NADRA being sold on the dark web?
NADRA said that the claims are false and unfounded. Responding to the claims, it said that the post itself acknowledges the allegation is unsubstantiated.
According to the authority, the same claim also surfaced in 2024. On both occasions, NADRA carried out a detailed technical investigation in coordination with the National Computer Emergency Response Team (NCERT) and the National Telecommunications and Information Security Board (NTISB).
According to the details, the investigations found no evidence of any breach of NADRA’s systems or unauthorised access to citizens’ data.
NADRA also said that the sample images being circulated do not even match with the format in which it captures and stores citizen data. It added that the same images have appeared multiple times on different platforms in the past.
Denying these claims, NADRA said that there is no evidence that any breach of its systems had taken place.
It also stated that no citizen data has been compromised. Adding that there is no security incident that needs remediation.
The authority said that it will continue to monitor such claims in coordination with the relevant national cybersecurity agencies.
NADRA tightens identity system
Before this, on June 5, NADRA cancelled 4.2 million Computerised National Identity Cards (CNICs) after identifying that their holders had been registered as deceased in official civil records.
The step was taken as part of a nationwide verification drive to improve the accuracy, transparency, and integrity of Pakistan’s national identity database.
NADRA recently completed a major verification exercise to improve the transparency and credibility of the system. As part of this, civil registration records were cross-checked with the national citizens database.
This led to the cancellation of 4.2 million CNICs that had been active despite the deaths of their holders.



