Comments on: Pak Suzuki Hit By Cyber Attack
https://carspiritpk.com/pak-suzuki-hit-by-cyber-attack/?utm_source=rss&utm_medium=rss&utm_campaign=pak-suzuki-hit-by-cyber-attack
Pakistan's Trusted Automobile Blog
Wed, 17 Apr 2024 08:12:24 +0000

By: UsmanAnsari
https://carspiritpk.com/pak-suzuki-hit-by-cyber-attack/#comment-16709
Wed, 17 Apr 2024 08:12:24 +0000
In reply to ~~Here is the scrollshot for proof~~.

Try uploading it to an image-sharing website and post the link here.

By: ~~Here is the scrollshot for proof~~
https://carspiritpk.com/pak-suzuki-hit-by-cyber-attack/#comment-16708
Wed, 17 Apr 2024 07:47:50 +0000
In reply to PW interviewee totally denied the hack!.

Sometimes PW also updates their article. It is visible in the date “Last Updated on ____”. Well, if they change it the editor should write a small paragraph noting the changelog, but do you think it will happen? Here is a scrollshot of the original article; if they change it we’ll have public proof:

By: PW interviewee totally denied the hack!
https://carspiritpk.com/pak-suzuki-hit-by-cyber-attack/#comment-16706
Wed, 17 Apr 2024 06:53:46 +0000

PakWheels has also posted an article about this subject:

https://www.pakwheels.com/blog/pak-suzuki-data-allegedly-for-sale-on-dark-web/
Pak Suzuki Data Allegedly For Sale On Dark Web
By Omar Faruq On Apr 16, 2024

The article goes into more detail than the CarSpiritPk article.
The PW article has 350 words but the CSPk article has only 150 words. Surprise surprise this is one of the unique events when the PW entry provides more details than the CSPk entry and is not a paraphrase of the CSPk entry.

The PakWheels article quickly loses its quality when it shows the screenshot of the circular posted to the PSX website Post-ID: 228988 and says “When asked about the notification swirling around on social media sites, the company official rubbished the circular citing doubts on its font.”, “The notification confirms that PSMC has acknowledged the cyber-attack and leakage of corporate data. Also, as per that fake circular, initial investigations have revealed that sensitive information, such as HR records and financial data, has been illicitly transferred to public IP addresses.”

ROFL moment. Did the hackers hack enough to successfully submit a document to the PSX Data Portal Service? If you want to see this circular on your own, go to https://dps.psx.com.pk/company/PSMC, click/tap ANNOUNCEMENTS. It is the fourth button on the green menu bar.
The screen will then scroll down to the Announcements, where you have to click/tap the 3rd button “Others”, there on the 2nd number you can see “Apr 15, 2024 Cyber Attack on PSMC Information System”. The only button available is “View”. For some documents the “PDF” button is also available, but for some it isn’t.

Now it is the opportunity to speculate who is incompetent: Alleged Pak Suzuki official who has “rubbished” the “circular” “circulating on social media”? (Ok ok that could be an explanation to how the data breach did happen.) Or PakWheels Blog who did not dig it through to the source? O-hello, it is not from the social media! It is a direct declaration by the company secretary to the PSX.

By: Who did it and why?
https://carspiritpk.com/pak-suzuki-hit-by-cyber-attack/#comment-16701
Tue, 16 Apr 2024 12:40:57 +0000

Are there any real reports that the data turned up on the dark web for selling?

Some screenshots were also in circulation on the social media saying that this data is for sale for US$ 5000. These screenshots may be fake or it may be scammers who will take cryptocurrency = USD 5000 and never respond again.

PakSuzuki is at a critical juncture in history. It was recently removed from the KSE-100 index and has begun delisting from the PSX too.

Companies have a responsibility to keep the data of their employees, vendors, contractors etc. safe. But in Pakistan it seems like the HR department is only there to pressurize workers into submission and has no responsibility or accountability to keep the PII (Personally Identifiable Information) of the workers safe. It is expected that the company will behave solipsistically and as per the main character syndrome, they will say “our details of remuneration were classified data which gave us a competitive edge over others” and try to keep the focus away from the fact that the name, address, details of kin & dependents, street address, phone numbers, salary (bank) account numbers, NIC numbers, passport numbers and any medical insurance details and most of all any medical history of a large swath of people may have been compromised, leaving a great number of people vulnerable to identity theft and fraud.
The Data Protection Bill presented by MoIT&T is still in the doldrums while there is much hullabaloo about laws concerning national security, tax evasion and regulating the electronic media. Once the Data Protection Bill is enacted, companies will have to take cybersecurity seriously or suffer bankrupting levels of penalties even for small data breaches. DPB will bring European GDPR-level cybersecurity to Pakistan. Till then the companies will continue to behave narcissistically and blame others for their own pitfalls.

The PII of a large number of Pakistani people does not seem to be worth 5k USD, since most Pakistanis are poor and workers, supervisors, engineers and managers alike are underpaid, and there is no chance they have big enough bank balance for some criminals to target them.

Now come to the “financial data” part of the press release. This is the interesting bit. As PakSuzuki was a stock-exchange-listed company, all the financial info is already publicly declared in each quarter, available on the PSX website. Any person who can use a desktop, laptop, tablet or mobile can download the financial data from here https://dps.psx.com.pk/company/PSMC to read.

But it comes with a major BUT that those PDFs are “as declared” financial info and already there have been complaints to PSX that PSMC have been fudging their numbers for years & years and misdeclaring on the stock exchange. The latest quarterly report available on PSX DPS is also from Sep-2023, no publicly declared info from the time period when they began delisting.
It could be that people who are unhappy with PSMC not paying out dividends or people who are not happy with the buyback and/or the buyback price of PSMC may be behind the attack. They may or may not be IT-related people but the way the nature of the attack has been declared, it was just data theft. If it was sabotage, then they would have corrupted the data to be unusable and the plant would suffer from non-production days because machines won’t work, inventory management system won’t have the right data so the stores departments would be suffering too. If it was a ransomware attempt then the hackers would have wanted money to restore the files.

It feels like someone was hungry for the financial data from the outset … there are no competitors of PakSuzuki. The press release does not say that any process data, product data, R&D or engineering data was taken. Needless to say if PakSuzuki had the latest and greatest technology patents of beautifully designed bodies, latest tech powertrains, low-fuel consumption engines or novel materials, they could have been the target of the hackers. Suzuki produces globally obsoleted models. Nobody globally has the need for design drawings of Bolan or Ravi. Not even parts manufacturers would be interested in CAD drawings or CNC models for spare parts of obsoleted vehicles that only run in Pakistan. Those vehicles are not being produced in any country, in fact long long after the production ended, those cars have ceased to appear on the roads in every country of the world. Not only no manufacturer needs those spare parts, no vehicle-owner needs those parts either. And anyway the dies and moulds for those shapes can be easily replicated by buying the actual part for mere rupees from any shop.

So ~ only data theft, no ransomware, no sabotage, PIIs not worth a few thousand dollars, no enticing technically advanced product/material design, and a few disgruntled shareholders. Either they could be behind this breach. Or an independent 3rd party hacker network who would now try to peddle this data to them.

It could be a nation-state level hacker who wants to use the current friction between Pakistan and Japan over Pakistan’s export policy to further damage the diplomatic relations of the 2 countries. It could be a bluff from PSMC itself to achieve some yet unknown goals. They may use it to further FUD the masses or as an excuse to further tighten the outflow of information to keep the public in the dark, causing a decrease in transparency.

Here are some links to previous articles:

12 Oct 2023 https://carspiritpk.com/pak-suzuki-to-consider-delisting-from-psx/
20 Oct 2023 https://carspiritpk.com/pak-suzuki-delists-from-psx-smc-take-full-control/
04 Dec 2023 https://carspiritpk.com/smc-to-buy-pak-suzukis-26-91-minority-shares/
06 Dec 2023 https://carspiritpk.com/suzuki-sets-price-at-rs406-for-share-buyback/
16 Jan 2024 https://carspiritpk.com/pak-suzuki-buyback-price-fixed-at-rs-609/
19 Jan 2024 https://carspiritpk.com/pak-suzuki-agrees-rs-609-per-share-buyback-price/
08 Feb 2024 https://carspiritpk.com/shareholder-challenges-delisting-price-of-pak-suzuki/

09 Apr 2024 https://carspiritpk.com/japan-threatens-wto-action-over-pakistans-auto-export-policy/
