The Pakistan Telecommunication Authority (PTA) has denied responsibility for the massive leak of citizens’ personal data now being sold online.
In a statement on Tuesday, the regulator said it does not store or manage subscriber data. PTA stressed that only licensed telecom operators have access to such information.
The denial comes after reports that details of Pakistani citizens, including federal ministers and senior officials, are available for sale on the internet. The leaked records reportedly include mobile SIM ownership, call logs, copies of national identity cards, travel histories, and vehicle registrations.
PTA said its initial review suggests the leaked datasets were “compiled from different external sources” rather than telecom companies. It also claimed that audits of licensed operators have not revealed any breaches.
The regulator added that it has blocked 1,372 websites, apps, and social media pages allegedly involved in selling or sharing personal data. The Ministry of Interior has formed an inquiry committee to probe the case further.
Digital rights groups, however, remain unconvinced. Amnesty Tech warned that Pakistan lacks proper safeguards to protect citizens’ information and called the leaks “a recurring pattern” that highlights systemic weaknesses.
“This is not the first incident. When the state collects vast amounts of data, it must prove that the information is being used only for its stated purpose,” said Hajira Maryam, a spokesperson for Amnesty Tech.
She also warned that mandatory SIM registration linked with NADRA’s database further increases risks. “Without strong data protection laws and independent oversight, citizens remain exposed,” she added.
Civil society groups have long demanded a comprehensive data protection law. For now, the latest breach has once again left Pakistanis asking who is responsible and who will keep their private lives safe.