Cyberattack on Government Databases: Hacker Demands €200,000 for Deletion of Personal Data

Tashkent, Uzbekistan (UzDaily.com) — Uzbekistan has experienced a large-scale incident involving the leak of personal data of approximately 15 million citizens, reportedly as a result of a breach of the government OAuth server.

According to sources, the perpetrator of the attack demanded a ransom of €200,000 in exchange for deleting the stolen information and disclosing the system vulnerabilities. The hacker claimed that an attempt had been made to notify the UzCERT service about the issue, but after the ransom demand was announced, communication ceased.

The leaked databases included full names, addresses, phone numbers, passport information, and scanned documents of citizens.

Among the affected systems were the National Agency for Social Protection (IHMA), personnel databases of the Ministry of Internal Affairs, statistical services, and agencies managing mortgage programs. To verify the authenticity of the breach, the attackers published thousands of samples of personal files and medical records.

The National Agency for Social Protection officially confirmed the cyberattack on its outdated database and is conducting a comprehensive investigation to determine the exact number of citizens whose personal data may have been compromised.

The incident highlights the urgent need to strengthen cybersecurity measures and to modernize outdated government information systems.