Company · Mobile telecommunications services · Telecom provider · Pakistan
Pakistani mobile network operator and digital services provider.
The Breach Risk Index (BRI) is a proprietary 0–100 score rating how dangerous a breach is right now, based on how recently the data has been circulating on the dark web and how valuable it is to attackers.
A dataset containing the records of approximately 44 million Pakistani mobile subscribers, predominantly Mobilink/Jazz customers, was offered for sale and leaked online in May 2020, reportedly part of a larger cache of ~115 million subscribers. Researchers attribute the underlying breach to around 2017 (the oldest subscription entries date to 2013). Exposed data included full names, mobile numbers, CNIC (national ID) numbers, home addresses (city/region/street), landline numbers, and subscription dates. A seller sought roughly 300 BTC (~$2.1M) for the full package; Pakistani authorities investigated. (NOTE: prior record dated this 2013 and listed only 3 fields; corrected to a 2020 leak / ~2017 breach with the full 6-field set.)
Full threat analysis, exploitation vectors, and principal guidance below.
10 additional sections · verified field analysis · defensive doctrine
44.0M records analyzed
Mobilink, now operating as Jazz, is Pakistan's largest mobile network operator, providing voice, data, and mobile-financial services to tens of millions of subscribers. Owned by VEON, it maintains subscriber identity, CNIC (national ID), contact, address, and billing records required for SIM registration and regulated telecom onboarding in Pakistan.
Telecom providers collect subscriber identity, phone numbers, service addresses, billing records, SIM and device data, and account-management information across mobile-service operations.
The Mobilink brand was retired in favor of Jazz following the 2017 Mobilink-Warid merger, and Jazz remains Pakistan’s leading mobile operator. The leaked subscriber dataset resurfaced and circulated in criminal markets after appearing for sale in 2020; Pakistani authorities opened investigations into the source of the leak.
The exposure of full names, CNIC national identification numbers, home addresses, and phone numbers for roughly 44 million Pakistani subscribers, reportedly part of a larger ~115 million cache, creates severe identity-theft, SIM-fraud, and targeting risk across a large share of Pakistan's adult population. Because CNIC numbers anchor identity verification in Pakistan, their exposure is especially damaging and long-lasting.
• Identity theft and fraud using CNIC national ID numbers, names, and addresses | • SIM-swap and SIM-registration fraud using subscriber + CNIC data | • Targeted phishing, smishing, and vishing across a large share of Pakistan's population | • Doxxing and physical targeting from exposed home addresses | • Account-verification bypass using CNIC + name + phone
A telecom breach: subscriber and device data supports SIM-swap, account takeover and location inference. For a high-profile principal this is targeting-grade, not merely identity-theft-grade: the combination lets an adversary locate, impersonate, or pressure the principal with little additional work.
Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.
Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.
Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.
Request Consultation