ISLAMABAD: A day after remarks of a senior Federal Investigation Agency’s (FIA) official about security of the National Database Registration Authority’s (Nadra) data set off alarm bells, Nadra on Friday rejected as misleading the claim of citizens’ data being compromised.

Making it clear that Nadra’s data was not available online and had never been hacked or compromised, a senior Nadra official said the Authority does not provide unauthorised access either to its databases or citizen ID data.

“Instead, multi-layered control mechanisms and well-defined policies and practices have been implemented for the security and protection of all data that Nadra stores by taking all preventive measures”.

He said the Nadra management has taken a strong exception to what he called an irresponsible statement issued by a senior government official and has requested the relevant authorities to seek an explanation from the officer concerned.

Says its data is not available online and has never been hacked or compromised

“These baseless insinuations carry unintended consequences, including reputational damage to the organisation servicing foreign governments and clients as the leading system integrator.”

He regretted that as the irresponsible statement came at a critical juncture when Nadra after a lapse of six years was re-establishing its footprints as one of the leading ID solutions providers in the world and establishing prowess as trailblazer in ID world, such an allegation may result in hampering its efforts to regain market place in ID world.

He said Nadra, as the national registration authority, ensures through its design, policies and practices that privacy of citizens’ ID remains utmost priority.

In this regard, Nadra has always developed its products, services and infrastructure by incorporating security by default (SbD) protocols that ensures the protection of data at utmost level.

In addition, implementing a privacy-by-design-and-security-by-default (PbD &SbD) approach, Nadra deploys four types of controls in order to ensure privacy and protection of data. Moreover, Nadra IT and information security controls are aligned with world’s best information and security practices and standard ISO 27001 (ISMS).

The IT infrastructure of Nadra goes through regular internal and external security audits and vulnerability and penetration testing.

“Nadra uses the Defence in Depth (DiD) multi-layered approach to cyber security in which a series of defensive mechanisms are layered to protect citizens’ data and information. If one mechanism fails, another steps up immediately to thwart an attack,” he explained.

Nadra Chairman Tariq Malik, when contacted, linked malicious and baseless stories against Nadra with the attempts of Pakistan’s enemies to trigger creative chaos and create a trust deficit between the State and citizens.

He was disappointed to see how non-technical bureaucrats and some public servants play naively in furthering the agenda of enemies.

“Nadra’s data has been compromised, it has been hacked,” FIA Cybercrime Wing Additional Director Tariq Pervez claimed during a briefing to the National Assembly’s Standing Committee on Information Technology and Telecommunication on Thursday.

He subsequently attempted to clarify his remarks and said that all of Nadra’s data had not been hacked. “During the SIM verification process involving biometric data, Nadra’s biometric system is compromised,” he said, without providing further explanation.

Later on FIA retracted from the rem­arks of the additional director made during the meeting of the National Assembly Standing Committee on Information Technology and Telecommunication.

An official statement issued by FIA authorities said, “It is clarified that no such statement was given about the hacking of data which had been misrepresented”.

Denying any such hacking of biometric data, Nadra in an official statement issued immediately on Thursday said Nadra multi-biometric data is secure and well protected from any hacking attempt.

Published in Dawn, November 27th, 2021