A significant cybersecurity incident has reportedly compromised the database of Pakistan’s Higher Education Commission (HEC), exposing the personal information of more than 1.5 million citizens. A threat actor claiming responsibility for the breach alleges that the leaked dataset contains extensive sensitive records.
The cybercriminal recently advertised the dataset on a prominent cybercrime forum, claiming the records were obtained directly from the HEC’s centralized higher education database. The attacker described the data as a newly compiled 2026 dataset and asserted that it contains no duplicate records.
To support the claim, the threat actor published sample records on the forum and encouraged cybersecurity researchers to independently verify the information. The individual also urged media outlets and analysts not to describe the incident as an “alleged leak” until the authenticity of the data could be confirmed.
According to details shared online, the leaked database contains extensive personally identifiable information (PII), including application identification numbers, full names, Computerized National Identity Card (CNIC) numbers, fathers’ names, email addresses, mobile phone numbers, usernames, gender, dates of birth, nationality, religion, blood group information, and complete postal and permanent addresses.
The Higher Education Commission had not publicly commented on the reported breach at the time of publication, and the authenticity of the dataset could not be independently verified.
In July last year, Columbia University also suffered a similar major data breach, with hackers stealing 460 gigabytes of sensitive data, including admissions records, login credentials, and personal data of students.
Cybersecurity experts warn that if confirmed, the breach could pose significant risks to affected individuals. The combination of national identity numbers, contact information, and demographic data could enable identity theft, financial fraud, and sophisticated phishing attacks.
Analysts also cautioned that cybercriminals may exploit the information to conduct SIM-swap fraud by impersonating legitimate account holders when dealing with telecommunications providers. Such attacks can allow criminals to gain access to victims’ phone numbers and, in some cases, bypass security measures protecting financial and online accounts.
Experts further warned that the exposed records could facilitate long-term surveillance and targeted cyber operations against students, researchers, academics, and individuals connected to government institutions.
The incident highlights growing concerns about cybersecurity and data protection in Pakistan, where public and private organizations have increasingly become targets of cyberattacks aimed at harvesting sensitive personal information.
