A threat actor published a database on a dark web forum claiming that it is from the Hajj and Pilgrimage Organization of Iran between the years 1984 – 2024. The Organization works on the registrations for pilgrimage trips. The forum post states that the significance of the organization comes from the fact that all Iranian officials have traveled at least once to a pilgrimage destination, and their information might be stored in this data bank.
According to the threat actor the total data is 1.25 TB, and there more than 168 million records such as first and last names, fathers’ names, date of birth, place of birth, ID numbers and other personal and sensitive information about the identity of the victims. The price for the leak is not mentioned and instead the threat actor stated that it is negotiable. Sample data is also provided.
According to the claims of the threat actor, the leaked data contains the following:
- First name
- Last name
- Father’s name
- Date of birth
- Place of birth
- ID number
- National code (SSN)
- National card serial number
- Marital status
- Occupation
- Contact information (home and work address, postal code, landline or mobile phone number)
- Detailed passport police inquiry information (passport number, issue and expiration date)
- Passport scan
- 3*4 photos of travelers
- Travel flight information of travelers
- Travel insurance information
- Security deposit documents
- Banking and payment information
- Pilgrimage brokers information
- Accommodation status information of travelers
- Details of government officials
- Details of allocated quotas such as martyr families
- Details of NAJA forces
- Details of Basij forces
- Details of clerics (Mullah)
- Source code of Haj apps and services
