In early February, The Times of Central Asia reported that the personal data of Uzbek citizens may have been leaked from government information systems and circulated on darknet forums. The report followed online discussions alleging that databases linked to state institutions were being distributed via anonymous platforms.
According to posts shared on Reddit, links to online repositories, including darknet resources, allegedly contained data obtained from Uzbek state institutions. Some users claimed the breach could involve the personal information of up to 15 million citizens. The allegations quickly spread across social media, prompting public concern and official responses.
On February 12, a press conference was held at the Ministry of Digital Technologies, attended by journalists, media representatives, and members of the public. Minister of Digital Technologies Sherzod Shermatov addressed the reports, stating that the issue had become the subject of widespread discussion in recent days.
Shermatov emphasized that information security and personal data protection remain state policy priorities. He said authorized bodies had conducted research immediately after the reports emerged and presented preliminary findings based on technical analysis.
According to officials, cyberattacks targeted the information systems of three state agencies between January 27 and 30. However, the claim that data relating to 15 million citizens had been leaked was not confirmed during the initial assessment. Authorities stated that the number of potentially affected records appears to be closer to 60,000, rather than the figure circulating on social networks.
During the briefing, officials placed the situation in an international context. They noted that with the rapid expansion of digitalization worldwide, cyberattacks have increased even in technologically advanced countries. In 2025 alone, global losses from cybercrime reportedly reached $10.5 trillion, while more than 16 billion user records were compromised from major corporate platforms. Media reports have described large-scale breaches in several countries, including China, the United States, the United Kingdom, and Indonesia over the past two years.
Uzbek officials stressed that the key challenges in such cases are early detection, rapid response, and damage mitigation, followed by strengthening protective systems. They reported that in 2024 more than seven million cyber threats were neutralized through national cybersecurity nodes. In 2025, that figure exceeded 107 million, reflecting both increased activity in cyberspace and expanded monitoring capacity.
To contain the recent incident, authorities said unauthorized access to information infrastructure was blocked. Passwords for users of the Unified Identification System, known as OneID, were reset, and additional technical safeguards were introduced. Officials added that new measures now allow users to control whether their personal data can be shared with other systems based on individual consent.
Explaining the concept of a personal data leak, officials clarified that it does not automatically mean a citizen’s private account has been hacked. In many cases, limited data, such as a name, date of birth, address, or phone number, may be exposed. On its own, such information does not enable fraudsters to act on behalf of an individual without additional verification data. However, it may be used in social engineering schemes.
Authorities warned that scammers often call citizens while posing as bank employees or security officers, using partial personal information to gain trust and request SMS codes or login credentials. Officials urged the public to remain vigilant and avoid sharing passwords, bank details, or verification codes with anyone claiming to represent official institutions.
The ministry stated that while state systems are regularly updated and reinforced, personal cyber hygiene remains essential. Citizens are encouraged to use strong passwords, enable two-factor authentication in OneID and banking applications, avoid clicking on suspicious links in messaging apps, and verify information through official websites.
