A shocking revelation in the Senate exposes a massive Hajj data stolen issue affecting hundreds of thousands of Pakistanis, with sensitive information now circulating on the dark web.
Islamabad: On Friday, September 19, 2025, the Senate Standing Committee on Information Technology and Telecom heard that data stolen Pakistan 2025 includes personal details of nearly 300,000 Hajj applicants, valued at over PKR 65 billion and sold on the dark web, as disclosed by Senator Afnan Ullah, amid confirmations from the Pakistan Telecommunication Authority (PTA) Chairman Major General (retd) Hafeezur Rehman about ongoing SIM data leaks since 2022.
This incident underscores the precarious state of data security in Pakistan, a nation increasingly reliant on digital infrastructure, potentially exposing citizens to identity theft, financial fraud, and geopolitical vulnerabilities in South Asia, where similar breaches could destabilise regional trust in government systems.
Revelation of Hajj Data Stolen In Pakistan
During the Senate committee meeting in Islamabad, Senator Afnan Ullah highlighted the severity of the Pakistan data dark web leak, stating that stolen data worth over PKR 65 billion, encompassing personal information of nearly 300,000 Hajj applicants for 2026, is being traded illicitly online. This breach, part of a broader pattern of data stolen Pakistan 2025, involves sensitive details such as national identity cards (CNICs), addresses, and travel histories. The senator urged immediate legislative action on data protection laws, warning of external pressures hindering such reforms.
The PTA Chairman corroborated these concerns, confirming that SIM data, including his own personal records, has been available on the dark web since 2022, with leaks continuing into 2025. He noted that such data is sold for as little as PKR 500 per entry, facilitating a multimillion-rupee illicit market. This Pakistan data dark web leak extends beyond Hajj applicants to include mobile connection details and call logs, affecting thousands of citizens nationwide.
Authorities have initiated probes into the origins of the breach, though the exact method remains under investigation. Initial reviews by the PTA suggest the data did not originate from telecom operators but possibly from government portals or third-party systems. The committee expressed alarm over the lack of robust cybersecurity measures, particularly as Pakistan prepares for a 5G spectrum auction in December 2025.
Scale and Impact of the Pakistan Data Dark Web Leak
The data stolen Pakistan 2025 incident is not isolated; it aligns with reports of over 1,300 government websites being infiltrated earlier this year, exposing records of senior officials and ordinary citizens. Among the affected are details of foreign travel and mobile ownership, heightening risks of phishing attacks and extortion. The value of the compromised information—PKR 65 billion—reflects its potential for exploitation in cybercrimes, with experts estimating that such leaks could cost the economy billions more in remediation and lost trust.
In response, the PTA has blocked 1,372 websites, apps, and social media pages involved in the sale or sharing of leaked citizen data as part of an ongoing crackdown. However, senators criticised the government’s slow pace, with IT Minister Shaza Fatima absent from multiple proceedings. Senator Palwasha Khan demanded transparency on related perks and privileges, emphasising public disclosure.
This Pakistan data dark web leak has sparked calls for a national cybersecurity framework, drawing parallels to global incidents like the 2025 breach affecting over 180 million users worldwide, including Pakistanis. The exposure of Hajj applicants’ data, registered via the Ministry of Religious Affairs portal, raises questions about the security of official online services.
Background
Pakistan has faced recurring data vulnerabilities, with the 2022 SIM data circulation marking an early warning. Despite efforts like the Personal Data Protection Bill, implementation lags, leaving citizens exposed. The current data stolen Pakistan 2025 episode, revealed during telecom merger discussions, highlights systemic gaps in oversight by bodies like the PTA and Competition Commission of Pakistan.
What’s Next
The Senate committee has directed coordination with the Attorney General’s office to expedite data protection legislation and resolve 5G auction hurdles. As investigations into the Pakistan data dark web leak continue, affected individuals are advised to monitor their records, with authorities promising enhanced safeguards. This data stolen Pakistan 2025 breach serves as a stark reminder for bolstering digital defences to prevent future escalations.
Published in SouthAsianDesk, September 20th, 2025
Follow SouthAsianDesk on X, Instagram, and Facebook for insights on business and current affairs from across South Asia.
