Islamabad, September 19, 2025 — In a startling revelation, Chairman of the Pakistan Telecommunication Authority (PTA), Major General (R) Hafeez-ur-Rehman, informed the Senate Standing Committee on Information Technology that the personal data of nearly 300,000 individuals who had applied for Hajj was leaked and made available on the dark web. This disclosure has triggered widespread concern over Pakistan’s fragile data protection framework and the rising risks of cybercrime.
The revelation came during a briefing to the committee, chaired by Senator Palwasha Khan, in which the PTA chief elaborated on ongoing cybersecurity challenges, including the repeated instances of data breaches. He noted that the compromised data was initially reported in 2022, but the scale of exposure had only recently come to light. “Almost three hundred thousand Hajj applicants’ information has been compromised and is being circulated on the dark web,” he said.
A Personal Dimension to the Leak
Making the issue even more alarming, the PTA chairman admitted that his own personal SIM data had been leaked as far back as 2022. “My own SIM data is on the dark web,” Hafeez-ur-Rehman said, underscoring how widespread and uncontrolled such breaches have become. According to him, subscriber identity module (SIM) data is retained by telecom companies, and the breach indicates significant weaknesses in how these companies safeguard sensitive information.
International Pressure Against Legislation
During the meeting, government Senator Afnanullah Khan added another layer of complexity by revealing that Pakistan faces external pressure not to introduce comprehensive data protection laws. He alleged that international entities were lobbying against Pakistan establishing stronger legal safeguards to ensure data security. “We are being pressurized from abroad not to legislate for the protection of citizens’ data,” he remarked, suggesting that the country’s sovereignty in managing its digital infrastructure may be under threat.
Chronic Telecom Service Issues
The committee session was not limited to data security concerns. Members of the Senate Standing Committee expressed anger at the poor quality of mobile phone services across the country. Frequent call drops, weak signals, and unreliable mobile internet connectivity were highlighted as persistent problems. Lawmakers pressed the PTA and telecom operators to address these inefficiencies that affect millions of users daily.
Chairperson Palwasha Khan remarked that while citizens continue to face poor service, telecom operators are generating significant revenues without adequately investing in infrastructure upgrades. The PTA chairman responded that a spectrum auction remains the most viable solution to expand coverage and improve quality of service, though this requires coordinated efforts between the government, regulatory bodies, and telecom companies.
Rising Concerns Over Data Privacy in Pakistan
The exposure of Hajj applicants’ data is not an isolated incident but part of a worrying pattern of repeated breaches affecting Pakistani citizens. In recent years, databases from banks, telecom companies, and government institutions have reportedly appeared on underground forums and the dark web. Such leaks often include names, phone numbers, CNIC details, and even financial information, putting citizens at risk of identity theft, scams, and fraud.
Experts argue that the absence of a comprehensive data protection law leaves citizens vulnerable. While several drafts of a Personal Data Protection Bill have been proposed in Pakistan, none have been fully implemented. Without a strong regulatory framework, organizations holding sensitive information remain largely unaccountable for breaches.
Implications for Hajj Applicants
The specific targeting of Hajj applicants adds another sensitive dimension to the issue. For many, applying for Hajj involves submitting not just personal identification details, but also financial and family information. The fact that this data is now circulating on the dark web could expose thousands of families to fraud attempts, phishing schemes, and even blackmail.
Observers fear that such breaches could undermine trust in the government’s ability to manage religious and administrative processes securely. For a deeply spiritual matter like Hajj, the misuse of personal data can cause both financial loss and emotional distress.
Spectrum Auction as a Solution
In addition to discussing data breaches, the PTA chairman emphasized that the solution to many of Pakistan’s internet and connectivity issues lies in conducting spectrum auctions. Spectrum, which refers to the radio frequencies used for communication, is crucial for expanding 4G and introducing 5G services. Delays in auctioning new spectrum have left Pakistan lagging behind regional peers in terms of mobile internet quality.
Hafeez-ur-Rehman argued that an auction would not only enhance service quality but also generate significant revenue for the government. However, past attempts at spectrum auctions have often been delayed due to political disagreements, bureaucratic hurdles, and lack of consensus between stakeholders.
Growing Need for Cybersecurity Infrastructure
The revelation of this massive Hajj data breach highlights Pakistan’s urgent need to invest in cybersecurity infrastructure. Without robust systems for detecting, reporting, and addressing breaches, data thefts will continue to occur unchecked. Analysts say that Pakistan needs to establish a national cybersecurity command structure that can oversee incidents across both public and private sectors.
Civil society activists also argue that citizens should have the right to be notified immediately if their data is leaked. Currently, there is no mechanism in Pakistan that obligates companies or state institutions to inform individuals about breaches. As a result, most citizens remain unaware that their private data is being sold or misused online.
Public Trust at Stake
The committee’s anger reflects growing frustration among both lawmakers and the public about repeated failures in digital governance. For ordinary Pakistanis, the combination of poor telecom services and recurring data leaks paints a grim picture. Trust in both government institutions and private service providers is being eroded.
If the government fails to act swiftly, Pakistan could see more devastating consequences — not only in terms of individual losses but also in the country’s overall digital development. Investors and international partners may hesitate to engage with Pakistan’s technology sector if data insecurity remains rampant.
Conclusion
The exposure of nearly 300,000 Hajj applicants’ data on the dark web is a wake-up call for Pakistan. It demonstrates the urgent need for strong legislation, better oversight of telecom companies, and serious investment in cybersecurity. The PTA chairman’s admission that even his personal data has been leaked reflects the extent of the crisis. At the same time, the reported international pressure against enacting data protection laws raises troubling questions about the global dynamics influencing Pakistan’s digital sovereignty.
For now, the Senate Standing Committee on IT has voiced its anger, but whether these discussions will lead to meaningful reforms remains uncertain. Unless concrete steps are taken, Pakistani citizens will continue to remain exposed to one of the most pressing dangers of the digital age: the unchecked exploitation of their personal data.
