Stolen data from ‘almost all’ Pakistan banks goes on sale on dark web

Hackers sole customer data from “almost all major Pakistani banks” and placed it on the dark web, the country’s cyber-crime chief has revealed.

The comments from Mohammad Shoaib, director of Pakistan’s Federal Investigation Agency (FIA), follow a report from cyber security firm Group-IB that private bank data had been compromised. Group-IB discovered the details for sale in forums on the dark web – a section of the internet only accessible using specialist software.

“Almost all [Pakistani] banks’ data has been breached. According to the reports that we have, most of the banks have been affected,” Mr Shoaib told Geo News.

More than 20,000 users have been affected by the security breach, according to the FIA, with credit and debit card details from potentially 22 Pakistani banks among the data compromised.

Cyber criminals have already cashed out $2.6 million from foreign ATMs, according to the Group-IB report, mirroring a similar attack earlier this year during which hackers syphoned more than 940 million rupees (£10.5 million) from ATMs around the world.

“An interesting fact is that cards from this region are very rare on the [dark web] cardshops,” the Group-IB report stated. “In the past six months it is the only one big sale of Pakistan cards.”

In a separate interview with Dawn News TV, Mr Shoaib said it was the responsibility of the banks to protect their customers’ data.

“The hackers have stolen large amounts of money from people’s accounts,” he said.

“The recent attack on banks has made it quite clear that there is a need for improvement in the security system of our banks.”

The State Bank of Pakistan instructed banks to increase vigilance but denied that it had been the victim of a cyber attack. It also revealed that at least six banks in the country have already suspended the use of its debit cards internationally.

“It has come to our notice that few banks have even withdrawn the facility of cards being used outside Pakistan,” Abid Qamar, chief spokesperson for the State Bank of Pakistan, told the Daily Jang.

“Some are [however] allowing this facility upon instructions of their customers only.”