Uzbek Ministry of Internal Affairs Denies Reports of Data Leak from Traffic Video Surveillance System

Tashkent, Uzbekistan (UzDaily.com) — The Ministry of Internal Affairs (MIA) of Uzbekistan officially denied reports of an alleged large-scale leak of drivers’ personal data from the state system of photo and video traffic violation recording.

The MIA statement followed a publication claiming that information about vehicles recorded by the video surveillance system—including license plate numbers, coordinates of violations, and details of the offenses—could supposedly be accessed online, allowing the tracking of vehicles across the country.

The ministry stated that this information is not true.

According to the MIA, the technical devices for photo and video recording installed in the regions are registered by entrepreneurs and other business entities, while all detected violations are automatically transmitted to the “Administrative Practice” module of the Unified Automated Information System of the Road Safety Service. These systems have undergone a three-stage cybersecurity assessment, and their security is guaranteed.

The MIA reminded that the operation requirements for such systems are defined by the Cabinet of Ministers’ resolution No. 232 dated 21 April 2021. Under these requirements, the system records photographs of vehicles from three angles, the time and location of the violation, vehicle speed, GPS coordinates, and a video recording lasting 6–10 seconds. All this information is used solely within the framework of administrative proceedings.

Offenders can view photo and video materials related only to their own violations through the web page cloud.yhxx.uz by following a unique link or scanning the QR code specified in the penalty notice. Access does not require a login or password but is strictly restricted to the individually generated link, which the MIA states prevents access to third-party data.

The ministry also emphasized that the video recordings of violations do not contain personal data, and the cloud.yhxx.uz site is intended solely to inform citizens about their own fines electronically. Similar access is available via the mobile applications road24 and saferoad.

The MIA additionally addressed claims that letters regarding system vulnerabilities were allegedly sent to the Department of Public Safety. According to the ministry, no such communications were received by the MIA or the Road Safety Service.

However, on 17 December 2025, the State Unitary Enterprise “Cybersecurity Center” received an inquiry from TechCrunch journalist Zak Whitaker regarding potential vulnerabilities of the cloud.yhxx.uz resource. The ministry stated that the inspection revealed no vulnerabilities or exposed personal data, and an official response was sent to the journalist.

In light of the circulation of this information in foreign media, the ministry has informed domestic media outlets about the operational principles of the Central Computerized Management System of the Road Safety Service and the applied information security measures.