Cybersecurity Scare: NDMA Denies Alleged Data Breach of Pakistan’s Disaster Surveillance System. The National Disaster Management Authority (NDMA) has officially dismissed reports of a massive cyberattack on its National Emergency Operations Centre (NEOC). The clarification comes after a high-profile threat actor claimed to have breached the high-tech hub, allegedly stealing source codes and sensitive personal databases of thousands of citizens.
Read More: FIA Uncovers Major Human Trafficking Network Using ‘Fake Sports Teams’ to Smuggle People Abroad
The Alleged Breach: What the Hacker Claims
A cybercriminal operating under the alias “h4xorvats” recently posted on a dark-web forum, claiming to have successfully infiltrated the NEOC environment on April 4, 2026. The hacker asserted that the stolen data dump included:
-
Full Source Code: Over 13,000 files related to the NEOC’s web and mobile applications.
-
Sensitive Databases: Claims of access to CNIC numbers, bank account details, employment records, and medical histories (including vaccination and patient diagnosis data).
-
Location Data: Village addresses, age, and gender profiles.
NDMA’s Firm Denial: “Fabricated News”
Speaking on the condition of anonymity, a senior official at the NDMA categorically denied any security incident. The official clarified that the reports are “fabricated” and “incorrect,” stating that there has been no suspicious activity within the NDMA’s digital environment.
Key points from the NDMA’s defense:
-
Public Domain Data: The NDMA primarily deals with natural hazard data, satellite imagery, and climate sensors. This data is already public and available on their official website for transparency.
-
No Private Data Stored: The official emphasized that the NEOC does not collect or store personal medical records, bank details, or private citizen information, as it is outside their operational mandate.
-
Mandate Check: Since the NEOC focuses on early warnings for floods, earthquakes, and climate shifts, the hacker’s claim of having “medical and banking records” from this specific system is logically inconsistent with the platform’s purpose.
Potential Risks of Such Claims
While the government has denied the hack, cybersecurity experts warn that even the rumor of such a breach can be dangerous. If such a database were real, it could lead to widespread identity theft and targeted phishing campaigns. Experts suggest that the hacker might be attempting to “repackage” old leaked data from other departments to damage the reputation of the NEOC, which is Pakistan’s premier AI-driven disaster monitoring hub.
Current Status
As of today, the NEOC systems are fully operational. The NDMA has assured the public that all systems are secure and that the AI-powered disaster response tools—utilizing over 300 climate sensors—continue to monitor the country’s safety without interruption.
