Earlier this week Karachi Electric issued a statement announcing an ‘attempted cyber incident’ following which customers experienced difficulties in lodging power outage complaints via KE Live App, helpline 118, and SMS service 8119. Some customers could also not access their bills via the electric suppliers’ website.
“The KE teams have initiated consultation with international information security experts and are also collaborating with local authorities in this regard,” said KE, allegedly two days after the cyber attack.
“All critical customer services including bill payment solutions and 118 call-center are operational and fully functional, to ensure the integrity of our systems, as a precautionary measure, we have isolated few non-critical services,” the company added.
A local publication then confirmed that Pakistan’s largest private electric supplier has indeed come under a cyberattack commonly known as ransomware. The hackers have now demanded Rs3.8 million to share the decryption key through which KE can regain its lost data. If not paid by September 15, the ransom would be doubled, the hackers warned.
“Financial data is linked to your CNIC (including with bank accounts, credit card). Many consumers pay their bills online. This is sensitive information. NIC details can reveal the date of birth, your mother’s name (in records), and place of birth. This makes you more vulnerable. If any point hackers [in any data breach] are not given ransom, they can sell this to the dark web and this can have repercussions,” Shahzad Ahmed, director Bytes For All (a digital rights NGO) commented on the breach of privacy various KE consumers may face.