Lack of cyber security mechanism led to SECP data theft

Hacking could have been averted if ‘vulnerability and penetration testing’ had been conducted in time, says report

The lack of a proper, up-to-date cyber security mechanism resulted in data being stolen from the website of the Securities and Exchange Commission of Pakistan (SECP), according to an initial report.

The scraped data included the names of companies along with their directors’ computerized national identity card (CNIC) numbers, permanent addresses and the names of those directors’ fathers.

The initial report said that hackers were able to scrape the data by using a weak digital link of the SECP’s website, adding that the hacking could have been averted if ‘vulnerability and penetration testing’ had been conducted in time. The test, which was due in February, has not yet been carried out.

According to a media report, SECP, with the cooperation of the Pakistan Telecommunication Authority (PTA), was able to close down www.companieshouse.pk, where some of the information had been placed, and cancellation of the domain registration of companieshouse.pk has also been requested.

The National Telecommunication and Information Security Board (NTISB), a federal agency, has asked for a briefing on the matter on September 1. NTISB advises the federal government on the security aspects of information and telecommunication. NADRA, PTA and NTC comprise NTISB’s board.

A media report has also claimed that NTISB has already started preliminary work along with investigations. The report also quoted a spokesperson as saying that a third-party security audit firm has been hired to conduct an independent Vulnerability and Penetration Testing (VAPT) of the website, and that all application programming secret keys used for data exchange with the government have been changed.