Hacker claims breach of Hajj and Pilgrimage Organization, selling alleged data
Learn More
IR Leaks hacking group claims to have breached the Iran’s Hajj and Pilgrimage Organization on a hacking forum and is selling the stolen database. The database purportedly contains over 168 million records spanning from 1984 to 2024. This extensive dataset, amounting to 1.25 terabytes (TB) in size, includes highly sensitive information such as:
- First name, last name, father's name,
- Date of birth, place of birth, birth certificate number,
- National code, national card series,
- Marital status,
- Occupation
- Contact information, home and work address, postal code, landline and mobile phone numbers
- Passport scans and photos of travelers
- Travel flight information
- Travel insurance details
- Security deposit documents
- Banking and payment information
- Information about pilgrimage brokers
- Accommodation status of travelers
- Details of government officials
- Allocated quotas for special groups like martyr families
- Information on NAJA forces, Basij forces, and clerics (Mullahs)
- Source code for Hajj apps and services
The number of affected individuals is not disclosed, but the number is probably in the millions. The nature of the attack is not clear.
IR Leaks has given 24 hours to the officials of the Hajj and Pilgrimage Organization to contact them to negotiate the payment of the ransom. Otherwise, the group has threatened to release the information.
The Hajj and Pilgrimage Organization, which works with Iran’s Ministry of Culture and Islamic Guidance to organize pilgrimages, has not confirmed the breach.
