Ransomware victim disclosure
← All victimsNADRA
listed as nadra.gov.pk - NADRA official Of Pakistan Army & (Andhra Pradesh) · Claimed by Babuk · listed 1 year ago
Status timeline
- ListedMar 27, 2025
- Data leakeddate unknown
At a glance
- Group
- Babuk
- Status
- Data leaked
- Country
- Pakistan
- Sector
- Public Sector
- Listed on leak site
- Mar 27, 2025
About the victim
AI dossier — public-source company profileNADRA (National Database and Registration Authority) is Pakistan's federal agency responsible for issuing national identity documents (CNICs), managing civil registration, and maintaining the national population database. It operates under the Ministry of Interior and serves as the primary identity verification authority for Pakistan.
- Industry
- Government Identity & Civil Registration
- Address
- Headquarters: Islamabad, Pakistan
- Founded
- 1997
Attack summary
Severity: critical — Confirmed exfiltration of national identity database at scale, directly impacting millions of Pakistani citizens' PII, biometric data, and government military records. This is a foundational government infrastructure breach with geopolitical implications.Babuk claims to have breached NADRA and published exfiltrated data. The group asserts access to Pakistan Army records and claims the breach affects national identity and civil registration systems.
Data the group says was taken
AI dossier — extracted from the leak post- National identity records (CNIC database)
- Civil registration data
- Pakistan Army records
- Personal identification information
What the group claims
nadra.gov.pk - NADRA official Of Pakistan Army & (Andhra Pradesh)
Sources
- Victim sitenadra.gov.pk
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

