Uzbekistan Confirms Cyberattacks on Government Agencies and Limited Data Breach of 60,000 Records

Tashkent, Uzbekistan (UzDaily.com) — Between 27 and 30 January, the information systems of three government agencies in Uzbekistan were targeted by cyberattacks, the Minister of Digital Technologies, Sherzod Shermatov, confirmed at a press conference on 12 February.

The minister clarified that earlier reports on social media claiming a leak of personal data for 15 million citizens were incorrect. The actual breach involved around 60,000 data records, with each individual potentially represented by five to six entries. The compromised information may have included names, dates of birth, residential addresses, phone numbers, and similar data points.

“No information indicates that personal data of 15 million Uzbek citizens is being sold online. This concerns 60,000 records, not 60,000 people,” Shermatov emphasized, noting that law enforcement agencies are continuing to analyze the nature of the accessed data.

The minister confirmed that the attack was carried out by a skilled intruder who gained access to one of the systems. He stressed that such incidents help identify vulnerabilities and improve the overall security of digital infrastructure. In some systems, limited sets of data were indeed accessed, but personal account breaches did not occur.

The ministry clarified that the compromised data alone does not allow malicious actors to perform actions on behalf of citizens. Following the attack, attempts at further unauthorized access were quickly blocked, and technical protections were strengthened.

Additional security measures have been implemented in the national OneID identification system. Users now must explicitly grant permission for their data to be accessed by banks, telecommunications companies, and other organizations, placing full responsibility for sharing personal information on the individual.

The ministry also warned that stolen information could be exploited in social engineering schemes, such as fraudsters calling victims, impersonating bank employees, and attempting to obtain SMS verification codes under false pretenses.

Statistics show that Uzbekistan’s national cybersecurity hub blocked over 7 million cyber threats in 2024 and more than 107 million in 2025. Projections indicate that the number of attacks could exceed 200 million in 2026 as the country’s digital ecosystem continues to grow while facing global cyber risks.

Earlier, C7 Cybersecurity reported that claims of 15 million leaked records could not be verified, as only a sample of 5,522 records was publicly available. Verified data included 24 photographs of Ministry of Internal Affairs staff, information on 15,874 healthcare workers from the National Social Protection Agency, and 446 mortgage records from the Mortgage Refinancing Company.