Pakistan’s data privacy nightmare is spiraling as Jazz, the country’s largest telecom operator, comes under renewed fire over alleged misuse of user data. The controversy resurfaces amid a massive Pakistan Telecommunication Authority (PTA) breach that has exposed systemic vulnerabilities at the regulator itself — the very institution tasked with safeguarding citizens’ digital rights.
Read More: Jazz’s Rs 6.58 Billion Overbilling Scandal: Senate Slams Jazz & PTA for Hiding Tariff Records
Dozens of websites are reportedly selling sensitive data, including mobile location information, call records, and overseas travel histories. According to BiometricUpdate.com, mobile location data is available for as little as PKR 500 ($1.76), call records for PKR 2,000 ($7), and complete travel histories for PKR 5,000 ($17.55).
Earlier this year, Pakistan’s National CERT reported that login credentials for over 180 million users had been compromised in a global data leak, affecting users of government portals, banks, social media platforms, and healthcare systems.
Daraz CFO Publicly Calls Out Jazz:
Adding fuel to the fire, Ahmad Hassan, CFO of Daraz, took to LinkedIn to accuse Jazz of sharing mobile numbers with insurance companies and other enterprises for marketing campaigns.
“I am really shocked that Jazz is sharing our mobile numbers with different commercial enterprises including insurance companies to promote their products. It is frustrating to receive these unsolicited calls at the most inappropriate times. Someone needs to take notice of this exploitation and monetization of customer data by the biggest Telco of Pakistan,” Hassan wrote.
His post has triggered a wave of online outrage, with Jazz users echoing complaints about spam calls, promotional SMS, and privacy violations.
History of Jazz Data Breaches:
This is not Jazz’s first brush with privacy scandals:
-
2020: A major breach exposed data of over 115 million mobile users, including Jazz subscribers — one of the largest privacy incidents in Pakistan’s history.
-
2022: Dark web forums allegedly sold 71 million Jazz records, including CNICs and SIM details. PTA denied an official breach but admitted there had been “unauthorized access.”
-
2023: Jazz was fined PKR 10 million by PTA, but not for privacy violations — instead, for overcharging customers.
Despite repeated privacy controversies, no regulatory penalty has ever been imposed for data leaks or misuse of user data.
Regulatory Vacuum:
Pakistan’s Personal Data Protection Bill (PDPA) — which would require data breach disclosures within 72 hours — remains unimplemented. This leaves over 80 million Jazz users without legal recourse if their data is leaked or sold without consent.
Experts warn that without a dedicated independent cybersecurity authority, operators like Jazz and regulators like PTA will continue to escape accountability for privacy failures.
What Users Can Do:
Until stronger laws are enacted, privacy experts recommend:
-
Registering for DNCR: Send “REG” to 3627 to block telemarketing calls.
-
Filing complaints with PTA: Via their portal, helpline (0800-55055), or DIRBS app.
-
Checking for data breaches: Use HaveIBeenPwned.com or Google’s dark web alerts.
-
Strengthening account security: Change passwords, enable 2FA, and monitor suspicious activity.