Uzbekistan’s National Social Protection Agency Confirms Cyberattack on Archival Data

Tashkent, Uzbekistan (UzDaily.com) — The National Social Protection Agency has officially confirmed a cyberattack on its outdated database. The agency is currently conducting a thorough investigation to determine the exact number of citizens whose personal data may have been accessed by unauthorized parties.

An operational task force has been established to address the breach and analyze the situation. Cybersecurity specialists are assessing the nature of the data leak and evaluating potential risks to the public. Officials emphasized that the attack affected the archival database specifically, while the scope of any exposure of current data is still being clarified.

Experts maintain strict monitoring of the situation. An official report on the types of personal information affected and the measures being taken to prevent similar incidents in the future is expected soon.

Previously, Uzbek government institutions had regularly reported on the security of their information systems, particularly following reports of a breach of the central OAuth server of the e-government system (E-Gov), highlighting the resilience and protection of state databases.

Preliminary information indicates that data of at least 15 million citizens may have been exposed. Reports on Reddit suggested the compromise of the main OAuth server, a key gateway for access to government portals, banks, and commercial organizations. The breach could have exposed personal information such as full names, addresses, phone numbers, and passport details from the National Social Protection Agency (IHMA.UZ), State Statistics Committee (STAT.UZ), the Mortgage Refinancing Company, and other state institutions.