Pakistan to pass new cybersecurity policy by December after Egyptian app's data breached

ISLAMABAD: Pakistan’s Minister for Information Technology has said a national cybersecurity and personal data protection policy will be implemented by December this year once it is passed by parliament, after popular bus-sharing service Swvl said it had suffered a major security breach that comprised user data of over half its customers.
In April this year, Dubai based information security company Rewterz claimed the private data of 115 million Pakistani mobile users was up for sale on the dark web.
In the latest breach, Egyptian bus-sharing app Swvl has said the data of more than 50 percent of the company’s user base had been breached, according to Shahzeb Memon, Pakistan general manager for the service, who told Arab News Swvl became aware of the unauthorized access in the first week of July.
In light of such incidents, a bill “related to personal data protection will pass from the parliament very soon,” minister for IT Syed Amin ul Haque said, adding: “I am very hopeful that we will complete all procedures by December this year.”
“The ministry of IT is working on cybersecurity and data protection for the last many months,” he said. “We have drafted a bill for legislation which remained on our website for public viewing. We got feedback from the public and other stockholders from inside the country as well as abroad, including the United States.”
Haque said his ministry was in touch with several companies which had access to public data to ensure incidents like the Swvl breach not not happen in the future.
“We have established a committee in this regard which has people from the IT ministry and law enforcement agencies,” Haque said. “We will try that no such data breach should occur in the future.”
Swvl was founded in April 2017 and operates buses along fixed routes, allowing customers to reserve and pay for rides using an app. It has operations in many countries, including Egypt, Kenya and Pakistan, where it launched last year.
“The investigation into the breach is still underway, but at this stage, it is clear that the data which was compromised is restricted to names, email addresses, and phone numbers,” Swvl’s Memon said. “Rest assured that our investigation ensures that passwords and credit card information were not affected or exposed.”
“The vulnerabilities have been addressed,” he added, “and we are working tirelessly to make sure this doesn’t happen again, including deploying further additional security measures.”