Mobilink Pakistan 2020 Data Breach

Mobilink (Jazz) Pakistan Mobile Operator Breach (2013): 44 Million Subscriber Records Including National ID Numbers Exposed

Company · Mobile telecommunications services · Telecom provider · Pakistan

Mobilink (Jazz) Pakistan Mobile Operator Breach (2013): 44 Million Subscriber Records Including National ID Numbers Exposed

Pakistani mobile network operator and digital services provider.

Confirmed · ObscureIQ Intelligence
Breach Risk Index i
62/100
Lower riskHigher risk
High and current: recent, valuable data circulating on the dark web now.
Data Sensitivity i
Elevated
Exposed data raises the risk of fraud, targeting, and impersonation. Proactive steps are warranted.
44.0MRecords
2020Year

The Breach Risk Index (BRI) is a proprietary 0–100 score rating how dangerous a breach is right now, based on how recently the data has been circulating on the dark web and how valuable it is to attackers.

Crucial data exposed
Gov IDGovernment ID
AddressPhysical address
Classification Tags
TelecommunicationsCitizen2020

Breach Summary

A dataset containing the records of approximately 44 million Pakistani mobile subscribers, predominantly Mobilink/Jazz customers, was offered for sale and leaked online in May 2020, reportedly part of a larger cache of ~115 million subscribers. Researchers attribute the underlying breach to around 2017 (the oldest subscription entries date to 2013). Exposed data included full names, mobile numbers, CNIC (national ID) numbers, home addresses (city/region/street), landline numbers, and subscription dates. A seller sought roughly 300 BTC (~$2.1M) for the full package; Pakistani authorities investigated. (NOTE: prior record dated this 2013 and listed only 3 fields; corrected to a 2020 leak / ~2017 breach with the full 6-field set.)

Full threat analysis, exploitation vectors, and principal guidance below.

10 additional sections · verified field analysis · defensive doctrine

Querying breach corpus…
Cross-referencing exposed field types…
Resolving threat-actor attribution…
Compiling principal risk advisory…

44.0M records analyzed

About Mobilink Pakistan

Mobilink, now operating as Jazz, is Pakistan's largest mobile network operator, providing voice, data, and mobile-financial services to tens of millions of subscribers. Owned by VEON, it maintains subscriber identity, CNIC (national ID), contact, address, and billing records required for SIM registration and regulated telecom onboarding in Pakistan.

Why They Hold Your Data

Telecom providers collect subscriber identity, phone numbers, service addresses, billing records, SIM and device data, and account-management information across mobile-service operations.

Recent Developments

The Mobilink brand was retired in favor of Jazz following the 2017 Mobilink-Warid merger, and Jazz remains Pakistan’s leading mobile operator. The leaked subscriber dataset resurfaced and circulated in criminal markets after appearing for sale in 2020; Pakistani authorities opened investigations into the source of the leak.

Data Points Exposed

6 verified field types
Full Name
Government ID Critical
Landline Number
Phone Number
Physical address High
Subscription Date

Breach Impact

The exposure of full names, CNIC national identification numbers, home addresses, and phone numbers for roughly 44 million Pakistani subscribers, reportedly part of a larger ~115 million cache, creates severe identity-theft, SIM-fraud, and targeting risk across a large share of Pakistan's adult population. Because CNIC numbers anchor identity verification in Pakistan, their exposure is especially damaging and long-lasting.

Exploitation & Downstream Threats

• Identity theft and fraud using CNIC national ID numbers, names, and addresses | • SIM-swap and SIM-registration fraud using subscriber + CNIC data | • Targeted phishing, smishing, and vishing across a large share of Pakistan's population | • Doxxing and physical targeting from exposed home addresses | • Account-verification bypass using CNIC + name + phone

Principal Risk Advisory

What this means for a principal

A telecom breach: subscriber and device data supports SIM-swap, account takeover and location inference. For a high-profile principal this is targeting-grade, not merely identity-theft-grade: the combination lets an adversary locate, impersonate, or pressure the principal with little additional work.

What You Should Do

  1. Freeze credit at all three bureaus and monitor for new-account and tax-refund fraud.
  2. Treat the home address as exposed: review mail and package handling and physical-security routines, and brief household staff to verify unusual requests.
  3. Guard against SIM-swap and vishing: add a carrier port-out PIN and verify any 'support' calls independently.
  4. Do not use unofficial 'am I affected' lookups; several are themselves harvesting operations.

How ObscureIQ Can Help

  1. Corpus confirmation: determine whether and where the principal (plus household and staff) appear in this dataset and which specific fields are exposed for them.
  2. Exposure mapping and footprint neutralization: cross-reference against broker-available data and suppress still-removable elements, prioritizing address and phone, since this record re-seeds broker networks.
  3. ThreatWatch tuned to this incident's identifiers and misuse pattern (impersonation and targeting patterns, not generic credential monitoring).

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation