Hackers Leak 0.35 Million Hajj Applicants Data on Dark Web

Senators warn of national security risks as PTA confirms breach; Data Protection Bill delays draw sharp criticism.

The Senate Standing Committee on Information Technology, chaired by Senator Palwasha Khan, has raised alarm over a major breach that exposed the personal data of Hajj applicants on the dark web, alongside revelations of SIM and NADRA data leaks. Lawmakers warned that repeated breaches threaten both national security and public trust, urging immediate passage of the long-delayed Data Protection Bill.Jazz Overbilling Scam Sent to PAC for Probe

The most disturbing disclosure came from Pakistan Telecommunication Authority (PTA) Chairman, who confirmed that information belonging to about 350,000 Hajj applicants had been stolen and posted on the dark web. “This is indeed a very serious matter. The protection of Pakistan’s data must be ensured,” he told the committee, adding that investigations were underway to determine whether this was part of an earlier breach reported in 2022 or a fresh leak.

Committee chairperson Palwasha Khan pressed officials on whether the newly established National Cyber Crime Agency (NCCA), still in its infancy, could handle such a responsibility. “This NCCA is new — how will it manage such a huge responsibility?” she asked. The PTA chairman responded that the Interior Ministry had assigned the inquiry to NCCA, but doubts over its capacity persisted.

Lawmakers also sought clarity on whether Election Commission records had been compromised. While Senator Afnanullah noted that voter rolls were already public, he warned that any breach of NADRA’s database would be catastrophic. “If our NADRA data has been stolen, this is a huge disaster,” he said. “Failure to protect national databases represents a very big failure.”

The PTA chairman further admitted that his own SIM card information had been available on the dark web since 2022, highlighting the vulnerability of telecom data. He explained that inquiries into earlier incidents showed SIM data was held by telecom operators, but lapses in protection had allowed hackers to exploit it. “So far, according to my information, SIM data is included,” he confirmed.

Senators drew comparisons with international experiences to underline the risks. Afnanullah cited Iran, claiming that during wartime, stolen data had been used against the country, eventually leading to missile strikes. Senator Kamran Murtaza added that during past hostilities, Pakistan’s access to Indian data provided a strategic advantage, warning that failure to safeguard Pakistani data could expose the country to similar threats.

The debate quickly shifted to the government’s failure to enact the Data Protection Bill despite cabinet approval. “Why haven’t you brought the Data Protection Bill?” asked chairperson Palwasha Khan. Senator Afnanullah, who had worked extensively on the draft, voiced frustration: “I worked so much on this bill, but even after cabinet approval it has not been tabled. The law that would stop this data theft is the very law we are not being allowed to enact.”

Ministry of IT officials maintained that certain reservations over the draft still existed and were under review, but senators were unconvinced. Palwasha Khan labeled the continued delay “ministerial incompetence” and criticized the IT Minister for repeatedly skipping committee sessions. “The IT Minister does not attend committee meetings,” she said. Ministry representatives countered that the minister had attended other committees, but the chairperson vowed to obtain a full attendance record.

Lawmakers warned that repeated breaches carried consequences beyond governance failures, with direct implications for security. “Data theft will have very dangerous consequences,” Senator Afnanullah said, adding that while Pakistan had provided safeguards for foreign companies, it had failed to protect its own citizens.

The committee concluded with a call for urgent action: strengthening of cybercrime institutions, expedited passage of the Data Protection Bill, and greater accountability for ministries entrusted with safeguarding sensitive data.

“Ensuring data protection is not just a technical matter; it is a matter of national security and public trust,” Chairperson Palwasha Khan stressed. Until meaningful reforms are enacted, senators warned, citizens’ private information will remain exposed to both domestic exploitation and external threats.