Ransomware groups Fsociety x FunkSec Breach Punjab Government website

On January 20, 2025, the website of the Government of Punjab punjab.gov.pk, suffered a critical data breach carried out by the ransomware group known as ‘Fsociety.’, The data leak was published two days later, exposing the personal information belonging to 65,806 users, including the personal data of around 854 employees, signifying the severity of the data breach.
The threat actors Fsociety and FunkSec are an alliance of ransomware groups, both known for their ransomware-as-a-service (RaaS). Furthermore, the hackers left a message to the organization in a defacement, alerting anyone accessing the website with the following message:
“To The Organization of Punjam.gov.pk
We have owned the servers and extracted all data of all officers and Employees working for this government branch, All logs and inventory. Here is all leaked data. Unfortunately, we didn’t come to terms.”

To compound this severity, the leak references 90 third-party entities, which suggests that the data leak encompasses a broader range of possible victims. The website is central to the official Pakistani Government of Punjab and serves as a public sector web portal, providing information about resources and services to the public, including businesses and government stakeholders.
Due to its vital role in e-governance, the website contained a wealth of registered user information, which fell into the hands of the threat actor group. With so much personal data at stake, it stands to reason that the attack will significantly impact public trust.
The threat actors archived the stolen data and hosted the files on the encrypted cloud storage site Mega.nl. According to the screenshot above, the hackers provided no detail regarding the enclosed contents. Further details have yet to be ascertained.