E-Paper | December 05, 2025

'Almost all' Pakistani banks hacked in security breach, says FIA cybercrime head

Dawn.com | Shakeel Qarar Published November 6, 2018
FIA has written to all banks, and a meeting of the banks' heads and security managements is being called. — File
FIA has written to all banks, and a meeting of the banks' heads and security managements is being called. — File
comments
Whatsapp Channel

In a shocking revelation, the head of the Federal Investigation Agency’s (FIA) cybercrime wing has said data from "almost all" Pakistani banks was stolen in a recent security breach.

"According to a recent report we have received, data from almost all Pakistani banks has been reportedly hacked," FIA Cybercrimes Director retired Capt Mohammad Shoaib told Geo News on Tuesday.

When pressed to clarify, the official said data from "most of the banks" operating in the country had been compromised.

Speaking to DawnNewsTV, Shoaib said hackers based outside Pakistan had breached the security systems of several local banks. "The hackers have stolen large amounts of money from people's accounts," he added.

"The recent attack on banks has made it quite clear that there is a need for improvement in the security system of our banks," he observed.

He said the FIA has written to all banks, and a meeting of the banks' heads and security managements is being called. The meeting will look into ways the security infrastructure of banks can be bolstered.

"Banks are the custodians of the money people have stored in them," Shoaib said. "They are also responsible if their security features are so weak that they result in pilferage."

It wasn't immediately clear when exactly the security breach took place.

According to Shoaib, more than 100 cases are being investigated by the agency in connection with the breach.

"An element of banking fraud which is a cause of concern is that banks hide the theft [that involves them]... and the clients report [the theft] to the banks and not to us, resulting in a loss of people's money," he told DawnNewsTV.

"We are trying to play a proactive role in preventing bank pilferage," he added.

Shoaib said the agency has arrested many gangs involved in cybercrimes and recovered stolen money from them.

A gang was arrested last week whose members used to disguise themselves as army officials and withdraw money from banks after gathering people's data, the official added.

'Data of over 8,000 account holders sold'

The disclosure comes days after around 10 banks blocked all international transactions on their cards, as concerns about a breach of credit and debit card data spread in the banking circles.

Sources told Dawn the State Bank of Pakistan (SBP) has been informed by several commercial banks that they have blocked international payments on debit and credit cards as a precautionary measure after cyber attacks on their clients’ accounts.

According to a digital security website krebsonsecurity.com, data of over 8,000 account holders of about 10 Pakistani banks was sold in a market of hackers.

A large Pakistani bank sent messages to its clients that online mobile banking services would be terminated for a temporary period from November 3 onwards on ‘technical grounds’.

The first cyber attack was reported by BankIslami on October 27. The bank said that Rs2.6 million was stolen from international payment cards after which it has stopped such transactions and allowed biometrically verified payments only on ATM cards within Pakistan.

Next day, the SBP issued directives to all banks to ensure that security measures on all information technology systems — including those related to card operations — are continuously updated to meet future challenges, ensure real-time monitoring of card operations related systems and transactions and immediately coordinate with all the integrated payment schemes, switch operators and media service providers.

Follow Dawn Business on X, LinkedIn, Instagram and Facebook for insights on business, finance and tech from Pakistan and across the world.
Pakistan

Shakeel Qarar is an Islamabad-based reporter for Dawn News (TV), having been with the organization since 2012. His reporting covers crime, law and order, and security, with a specific focus on the Ministry of Interior and its subordinate agencies. He can be found on X at @Qarar009.

Read more

Mukul
Nov 06, 2018 03:39pm
and you expect people to invest in Pakistan ?
Recommend 0
Dr. Salaria, Aamir Ahmad
Nov 06, 2018 03:43pm
What a grave and great tragedy?
Recommend 0
M. Emad
Nov 06, 2018 03:56pm
'Naya' Bank security needed.
Recommend 0
Omar Hussain
Nov 06, 2018 03:57pm
Pakistan is far behind the West in cybersecurity. The result is that many cyber-criminals have switched to easier targets.
Recommend 0
salman
Nov 06, 2018 04:00pm
Is there any link between cyber attack and the fake accounts case?
Recommend 0
Alba
Nov 06, 2018 04:02pm
Shoaib said, "The banks are also responsible if their security features are so weak that they result in pilferage." _ It wasn't immediately clear what Mister Shoaib expects banks to do about it.
Recommend 0
SHAHID SATTAR
Nov 06, 2018 04:11pm
Who is responsible for this massive sabotage act? Who is working to unearth the crooks? Is it some group or is any country 's agency is involved?
Recommend 0
MANI KANT
Nov 06, 2018 04:16pm
Hi from New Delhi, We can structure Cyber Insurance schemes for your banks which can indemnify you in case of losses suffered by your customers and the banks due to hacking of data and misuse of it. The clients can sue the banks and the bank will have recourse in the insurance plan which includes defence cost too.
Recommend 0
Dr.Salaria,Aamir Ahmad
Nov 06, 2018 04:20pm
We know who did it and we will do double the damage.
Recommend 0
Zak
Nov 06, 2018 04:21pm
This is one more area we need Chinese advancements .
Recommend 0
bhaRAT
Nov 06, 2018 04:22pm
I am flabbergasted, we need to upgrade our hardware and software to latest tech.
Recommend 0
Aemal Ahmad
Nov 06, 2018 04:28pm
I received such fraudulent call on Oct 20, asking about my account details and explaining who they are. I hanged up on them and called FIA for like 5 times to save other from getting breached. But unfortunately no one received my call and then I forwarded an email to FIA complaint center, mentioning all the details with the phone number of scammer. Again I failed, because whoever is sitting there either can't read an email or at least not cognizant of his or her obligations.
Recommend 0
Operation Rajiv 87
Nov 06, 2018 04:29pm
Pakistani banks are more unsafe. Better keep invested or keep at home.
Recommend 0
A shah
Nov 06, 2018 04:41pm
Is this a joke?
Recommend 0
Turnip
Nov 06, 2018 04:42pm
"Next day, the SBP issued directives to all banks to ensure" Next day? It should have been "Last year" The horse has already bolted ...
Recommend 0
MANI KANT
Nov 06, 2018 04:42pm
Hi from Delhi, We can assist you in structuring Cyber Insurance programs to indemnify the banks in case of loss of data and the customer suing the bank. This insurance plan will also help in meeting the defence cost. We have done so for banks in India.
Recommend 0
Solomon The King
Nov 06, 2018 04:53pm
none of the banks has warned or alerted the customers about the new tactics of the online looters, and they should be made to compensate the customers for their lost savings due to lack of the publicity. One ad could have done more for the customers.
Recommend 0
Lord Ickenham
Nov 06, 2018 05:09pm
Iron brother would pay for the loss
Recommend 0
Sweets
Nov 06, 2018 05:25pm
In 21st century data is new gold! So keep Ur data safe using safe measures and controls.
Recommend 0
Shad
Nov 06, 2018 06:01pm
@M. Emad, So no security?
Recommend 0
Adil Jadoon
Nov 06, 2018 06:03pm
@Alba, improve security software...
Recommend 0
J
Nov 06, 2018 06:11pm
@Dr.Salaria,Aamir Ahmad, who did it?
Recommend 0
bhaRAT©
Nov 06, 2018 06:12pm
@Mukul, "and you expect people to invest in Pakistan ?" We were not looking for anything from you and Modi. So don't you worry!
Recommend 0
Faisal Abbas
Nov 06, 2018 06:22pm
How can you let this information out like this. This will result in massive trust breach.
Recommend 0
Hammad Jamil
Nov 06, 2018 06:26pm
It is very serious issue if it it true
Recommend 0
HonorBright
Nov 06, 2018 06:29pm
got to withdraw my 8,000 before it's too late
Recommend 0
NK
Nov 06, 2018 06:31pm
@Dr. Salaria, Aamir Ahmad, "What a grave and great tragedy?” Why worry. Just hang tough.
Recommend 0
NK
Nov 06, 2018 06:32pm
@Mukul, "and you expect people to invest in Pakistan ?" Don't assume that banks in India are any more secure.
Recommend 0
NK
Nov 06, 2018 06:35pm
@MANI KANT, "Hi from New Delhi, We can structure Cyber Insurance schemes for your banks which can indemnify you in case of losses suffered by your customers and the banks due to hacking of data and misuse of it. The clients can sue the banks and the bank will have recourse in the insurance plan which includes defence cost too." Prevention is better than cure. The insurance is a blank cheque for 'no security'. The insurance premium depends on the security measures a bank takes. So it is not a good idea to buy insurance and have no security.
Recommend 0
tariqCanada
Nov 06, 2018 07:09pm
As an overseas Pakistani these big Pak banks lives so difficult for us to unlock accounts as they thought they have fool proof security. There was no convenience and no security after all, what a shame
Recommend 0
tariqCanada
Nov 06, 2018 07:11pm
@Sweets, Name a single country whose banks are fool proof secured?
Recommend 0
Mkp
Nov 06, 2018 07:26pm
@Zak, no no. This is Chinese technology
Recommend 0
omveer
Nov 06, 2018 07:38pm
But Your foreign minister says that you are out of the woods : perhaps into a deep economic abyss.
Recommend 0
Aravindan S
Nov 06, 2018 07:42pm
So far Pak has excelled in only one industry, it's time to invest resources in other worthwhile industries.
Recommend 0
Dr. Sohail
Nov 06, 2018 08:06pm
All transactions should have sms code based verifications even on credit cards.
Recommend 0
Karim
Nov 06, 2018 08:11pm
This is highly irresponsible statement from FIA given they have no clue whatsoever how these systems work and how the data was compromised. It's like creating unnecessary panic which will not help the economy at all.
Recommend 0
Waqar (UK)
Nov 06, 2018 08:23pm
Will this influence Zardari's fake account case in the courts?
Recommend 0
Dr. Sohail
Nov 06, 2018 08:32pm
The banks should do transactions after SMS verification.
Recommend 0
begging in Beijing
Nov 06, 2018 08:35pm
Dear Pakistani's Please submit yourself completely to China for better security measures in Banking sector. Happy Naya Pakistan
Recommend 0
begging in Beijing
Nov 06, 2018 08:35pm
Dear Pakistani's Please submit yourself completely to China for better security measures in Banking sector. Happy Naya Pakistan
Recommend 0
Padam
Nov 06, 2018 08:57pm
This is not technically a security breach as the data was stolen by skimming from POS and ATM machines and cards were cloned from that data. When a credit or debit card is swiped through a skimmer—often disguised and installed at ATMs and POS—the device captures and stores the details stored in the card's magnetic stripe of chip. Thieves can then use this stolen data to make fraudulent transactions either online or with a cloned counterfeit card.
Recommend 0
2CENTS
Nov 06, 2018 09:03pm
This seem to be handiwork of certain neighboring country.
Recommend 0
lion
Nov 06, 2018 09:09pm
because they do not send a one number code in an sms to the registerd number , for every transaction. Most banks were doing that, now they have stopped. Could be cost or new IT platform , whatever the reason - sms code number isn't coming for every transaction. That is number 1, secondly Pakistan government (any gov website can tell you how poor it is) and Pvt companies are decades behind in IT platforms deployment as well as security. Companies invest only in sales people to bring clients they do not understand IT and neither do local institutes do business purchasing training. Such as servers and capacity should be bought with advance planning. How many corporates here even run UNIX? All are running windows probably PSX as well, or recently PSX was running text based programme. Meetings are happening after the incident. Most usage is from online in app stores shopping and video interactive apps.
Recommend 0
Truth
Nov 06, 2018 09:29pm
@Zak, come on Zak I thought u knew everything
Recommend 0
Truth
Nov 06, 2018 09:30pm
@Dr.Salaria,Aamir Ahmad, yes that's what I am on about
Recommend 0
WeCare
Nov 06, 2018 09:32pm
Lack of security is most likely due to those in charge of security the IT infrastructure at these places. Or maybe they are informing the decision makers, but the decision makers likely have no idea what IT security people are telling them or warning them about. Almost all online charitable sites, NGOs or donation sites in Pakistan are ill-equipped in terms of basic security safeguards. And this includes the online donation site for the DAM.
Recommend 0
Operation Rajiv 87
Nov 06, 2018 10:15pm
Earlier, a local Islamic bank lost Rs800 million after a cyber attack on the data of its payment card. People in islamabad are returning empty handed from banks
Recommend 0
Pakistani
Nov 06, 2018 10:16pm
Data theft needs to be understood as a given now. The best safeguard is to for people to not provide data and for third parties and agencies to NOT collect data. But what can you do when people themselves fill third party services (facebook, pinterest, twitter) with their extremely personal data themselves. As for agencies, the laws need to not collect data - instead of focusing on how to safeguard it. Because technical guarantees to safeguard data would simply never be enough. And legal guarantees to safeguard data are practically meaningless since data once stolen is privacy compromised and nothing can undo that damage. For now, Pakistan is safer in that data is not needed in that many places or your civil life is not tied to it in too many ways. Western world, everything is tied to your personal information - insurance, loans, eligibility for job etc. So rather than following in their footsteps and making data the center piece of the society, it is better to stay unconnected.
Recommend 0
Saint Mercury
Nov 06, 2018 10:20pm
And Imran khan wants foreign companies to invest in Pakistan.
Recommend 0
Tariq Abbasi
Nov 06, 2018 10:24pm
Very frightening!
Recommend 0
Waqas Saeed
Nov 06, 2018 10:32pm
Oh, after taking actions against money launderers, this new wave of hacking is moving across the banks for the first time in PAK's history. Money launderers have to get back the illegal money, the route of which they are following is, hacking. Banks and Corrupts have become united. The price of Corruption is paid by the mediocres and similarly, the price of hacking is too paid by the middle class and the poor.
Recommend 0
Waqas Saeed
Nov 06, 2018 10:38pm
@MANI KANT, Thanks Mr. Kant, keep your suggestion to yourself.
Recommend 0
Lahori kid
Nov 06, 2018 10:44pm
Is the FIA sure it wasn't an inside job?
Recommend 0
Lahori kid
Nov 06, 2018 10:46pm
Are you telling us that the banks had no idea that the people's money was being stolen? What kind of had security system do these banks have in place? This is 2018, there should have been red flags all over the place
Recommend 0
Rehmat Ali
Nov 06, 2018 11:08pm
Why hackers not hack fake accounts of corrupts leaders and politicians? Only normal citizens are hacked! Its a matter of questions !
Recommend 0
Omer
Nov 06, 2018 11:13pm
There is press release today by State Bank of Pakistan ERD/M&PRD/PR/01/2018-93 which clarify that except for one bank no other banks data have been hacked. The information circulating on news sites is inaccurate. Visit the SBP site to see the press release.
Recommend 0
hanif smile
Nov 07, 2018 12:00am
I am a Cyber Security Professional in US. Its not uncommon to hack anyone's data, it happens everywhere around the world, even US government data have been hacked in the past, Google, yahoo, you name it. its not hard to secure data and websites, but its a constant process and it need to be done on first priority. Pakistan has smart people I am sure they will work it out.
Recommend 0
Dr Arslan
Nov 07, 2018 12:07am
The ATMs in Pakistan are running on Windows XP which I believe was retired from updates and services by Microsoft 7 years ago.
Recommend 0
Miko
Nov 07, 2018 12:54am
Indian and Russian thieves
Recommend 0
Ram Barose
Nov 07, 2018 01:02am
Lets get it clear. The hackers took out the money or considering the bankrupt situation put back some money?
Recommend 0
Sajjad memon
Nov 07, 2018 01:15am
Pakistani Banks are highest safety standards as most of the banks do not have internet transactions enabled. Frauds in payment cards are common and they are mostly covered through insurance.
Recommend 0
Ayesha
Nov 07, 2018 01:22am
What a shocking revelation. What will become of this nation? Is nothing secure or sacrosanct? What steps will the banks and the government now take ? Who will reimburse losses to the public?
Recommend 0
Naxalite
Nov 07, 2018 01:35am
@Mukul, That have nothing to do with investment
Recommend 0
A
Nov 07, 2018 02:56am
Probably paid job by political leaders for money laundering.
Recommend 0
MG
Nov 07, 2018 03:44am
Only 3 countries master cyber security namely Israel, US and India. Pl engage firms from there, they are all very professional.
Recommend 0
MG
Nov 07, 2018 03:52am
Shuold not forget on insider attackers
Recommend 0
Anonymouseeeee
Nov 07, 2018 07:10am
Happens in India as well.
Recommend 0
Be honest
Nov 07, 2018 08:00am
I blame banks for failing to protect the money of its account holders. They should have increased security by protecting cyber crime. They should have equipped their banks with modern software to protect the savings of account holders. Hackers must be brought to light and looted money must be returned to all account holders.
Recommend 0
Tiwana
Nov 07, 2018 08:01am
@NK, I live in India and I have lived in Australia for ten years and I can assure you Indian banks are better secured than Australian leave aside pakistanis
Recommend 0
Khanm
Nov 07, 2018 08:13am
What a hack ...are they using the same secirity software...it is an inside job...
Recommend 0
Salvador
Nov 07, 2018 08:37am
@Anonymouseeeee, happens in India also!! sounded like a pathetic pass the baton moment
Recommend 0
Salvador
Nov 07, 2018 08:41am
@2CENTS, why would your neighbors want to hack into empty bank accounts waiting for handouts
Recommend 0
Chinpaksaddique
Nov 07, 2018 02:41pm
I will withdraw all the accounts in the family and put it safely in Chinese banks, at least till the storm settles.
Recommend 0
Nasir Askar
Nov 07, 2018 03:39pm
@Mukul, It happens all over the world. So we should not invest elsewhere in the world also
Recommend 0
Zahid Zubair Malik
Nov 07, 2018 05:19pm
The solution to tighten the security controls in Banking Industry is to implement DLT (Decentralized Ledger Technology - Blockchain / Hashgraph) on core banking systems in Pakistan.
Recommend 0
Mrs.Hamayyun
Nov 07, 2018 10:32pm
Yes it's so prevalent these days as just 2 hrs ago my husband received a call from his bank call centre to ensure did he make transaction of 1lac 25000 on his credit card....and to our shock he DIDN'T I don't know what he is gonna do now....is he supposed to clear the bill anyway!!
Recommend 0
vik
Nov 07, 2018 11:38pm
This has a similar signature as was done on a Bangladeshi Bank.
Recommend 0
AKB
Nov 08, 2018 01:01am
Tension free package. Keep all your money into old socks at home.
Recommend 0
Faraz
Nov 08, 2018 08:58am
I am a little amused to know how the FIA knows that banks are hacked while the banks itself don't know this? If FIA is so competent shouldn't they be providing a security algorithm to counter this issue rather than banks banning international credit card transactions?
Recommend 0
krishna
Nov 08, 2018 09:38am
@bhaRAT©, : Not expecting is also and expectation...
Recommend 0
Kris
Nov 08, 2018 09:58am
Don't panic, that was just China taking back the money owed to them.
Recommend 0
From USA, SYED A. HYDER, Ph.D.
Nov 09, 2018 09:21am
@Mukul, If these rogue activities would curtail investments then NO one should invest in US. In recent years millions and millions of accounts and credit cards have been compromised. Credit card companies and banks have cancelled the cards and at a cost of millions of dollars have to reissue credit cards. When bank data got stolen the customers were reimbursed. According to you, Mr. Mukul, no one should do any financial business with American financial institutions?
Recommend 0

Most Popular

01
02
03
04
05
06
07
08
09

Latest Stories

Opinion

Editorial

Protection for all
Updated 04 Dec, 2025

Protection for all

ACHIEVING true national cohesion is not possible unless Pakistanis of all confessional backgrounds are ensured their...
Growing trade gap
04 Dec, 2025

Growing trade gap

PAKISTAN’S merchandise exports have been experiencing a pronounced decline for the last several months, with...
Playing both sides
04 Dec, 2025

Playing both sides

THERE has been yet another change in the Azad Jammu and Kashmir Legislative Assembly. The PML-N’s regional...
In words only
Updated 03 Dec, 2025

In words only

NATIONAL Assembly Speaker Ayaz Sadiq seems to have taken serious affront to combative remarks made by Pakhtunkhwa...
Detainees’ rights
03 Dec, 2025

Detainees’ rights

IN a system where mistreatment, torture and even death of individuals in custody are not uncommon, the Rights of...
Excluded citizens
03 Dec, 2025

Excluded citizens

WHEN millions are ignored by the state, it is not the people who are disabled, it is the system. Governments have...
On DawnNews
Dawn News English
Subscribe