Latest Iran cyber data breach raises concerns about state surveillance

Hackers claim to have exposed personal data of 30 million subscribers, raising fears about cyber vulnerabilities and state surveillance.

Men check their phones at a Tehran coffee shop on January 22. [Atta Kenare/AFP]

By Emran

Hackers have exposed the sensitive personal information of nearly 30 million subscribers to the Islamic Republic's largest telecommunications company, revealing deep vulnerabilities in the nation's digital infrastructure.

In addition to sparking fears about the exposure of personal data, which the hackers threatened to sell, the breach has raised alarm about state surveillance.

The ShadowBits hacker group on April 11 said it had infiltrated the servers of Mobile Communication Company of Iran (MCI), gaining access to customers' full names, birth details, national ID numbers and postal addresses.

Initial coverage of the breach by Iranian technology news website Digiato was swiftly removed, with ShadowBits claiming this was done under pressure from Iranian intelligence agencies.

Telecom provider MCI displays its services at the Internet of Things exhibition in Tehran on February 16, 2021. [Morteza Nikoubazl/NurPhoto via AFP]

"Through direct contact with the perpetrators of this attack, we have confirmed the authenticity of this security breach," self-described cyber espionage investigator Nariman Gharib said in an April 14 post on X.

"The compromised database, which was on Oracle, was not encrypted at all."

Iranian telecom companies maintain close ties with intelligence agencies and telecommunications data is often used to monitor Iranian citizens, Gharib wrote on his blog.

A pattern of security failures

The MCI data breach adds to a growing list of cyber incidents targeting Iranian infrastructure that have exposed critical weaknesses in Tehran's approach to data protection.

Among them are the hacking of MCI's website in October 2022, the exposure of millions of mobile subscriber records in 2016 and 2020, and the sale of 160 million customer records from 23 insurance companies in January 2024.

"The physical safety and personal data of Iranians are not a priority for the Islamic Republic," Mashhad resident Morteza Javadi, 35, told Pishtaz.

"Instead of focusing on citizen security, the regime spends billions of dollars of public funds to support proxy groups in the region to advance its political agenda," Javadi said, reflecting a sentiment shared by many Iranians.

"While other governments around the world prioritize protecting their citizens and addressing their problems, the Islamic Republic has ignored the demands and needs of the Iranian people," he said.

The scale of the breach is particularly concerning given MCI's central role in Iran's telecommunications infrastructure.

With over 100 million subscribers relying on its services for everything from phone calls to banking transactions, the exposure leaves millions vulnerable to phishing scams, financial fraud and identity theft, experts warn.

"This incident sends a very clear message to all Iranians: that the country's telecom networks lack proper immunity, and people's personal information is easily exposed to risk," said Mashhad-based cybersecurity expert Mehdi Alipour.

"These networks can no longer be trusted," he told Pishtaz.

Greetings. Despite the hardships that the Iranian people have been facing economically in recent times, this hard-working class can no longer afford to buy important but basic necessities such as groceries and food. The poor middle class is getting poorer. The rich are spending millions of dollars in foreign countries for fun and entertainment.

I do not have a particular opinion on relations with the Islamic Republic of Iran.

In my opinion, anyone who asks for details without reason is a scammer. Basically, bastard scammers, hackers, and thieves who deserve all bad words you tell them and who steal people's property, don't bother to work. These are bastards. The same ones who stole some trust by hacking me under the pretext of deposit, entered my system, bought my car, lost my vehicles. These are the real bastards. I will say for the rest of my life, maybe someone will know which dealership my car is from. Email. They won't let you announce it until it takes a while and the thieves divide it among themselves.

Good.

As far as such hacks have been seen so far, it has usually been Iranian or Iranian-affiliated hackers who have been able to access the mobile phones of even the highest-ranking defense minister, the minister of defense, and even the Israeli security minister, and some have been published; just as a sample of the many. This nonsense hack seen in this report is like other propaganda, news and media. The West and Israel are trying to blacken everything related to Iran, and that’s all. These stories are made by distorting the words or interviews of people who are called Iranian experts or CEOs of something in Iran in order to validate their report. It is a dirty and old trick, and does not work at least in Iran.

wow

In the end, one must die. What better way to die than on the way to one's homeland?

Thanks for the information.

Really, really excellent.

Thank you for the information.