The Minister of Digital Technologies of Uzbekistan denied reports of data leakage of 15 million citizens, about 60 thousand records were affected

At the beginning of his speech, the Minister focused on the relevance of the messages that have been widely discussed in the media and social networks in recent days.

He also stressed that information security and personal data protection are one of the priorities of state policy, and said that the authorized bodies promptly conducted a study and submitted preliminary analysis results.

The purpose of the press conference was an objective discussion of the situation and informing the public about the current state of affairs.

International experience

As you know, with the development of digitalization processes, the number of cyber-attacks on information systems is also increasing.

The situation in global cyberspace shows that cyber-attacks occur even in countries with high-tech and advanced systems. At the same time, the key tasks remain the timely detection of attacks, their neutralization, minimizing damage and strengthening protection based on a full analysis of the incidents that have occurred.

In 2025 alone, the global damage from cyber-attacks amounted to 10.5 trillion dollars, and more than 16 billion user data were stolen from large platforms.

According to media reports, similar cases have been reported in developed countries. For example:

In China, in May 2025, hackers gained access to a data array of about 4 billion records.;

In the United States, in April 2024, it was reported that 2.9 billion records were leaked that could relate to citizens of the United States, Great Britain and Canada.;

In the UK, in January 2025, a hacker announced the sale of personal data of 18.8 million customers.;

In Indonesia, in August 2024, as a result of an attack on a data center, the data of 4.7 million government employees was distributed.

The situation in Uzbekistan

On February 2 of this year, reports spread on social networks and individual channels that the data of 15 million citizens had allegedly been leaked.

During the study of the situation, together with the authorized bodies, the following was established:

Between January 27 and January 30, cyber-attacks were carried out on the information systems of three government departments.

However, according to the preliminary results of the study, the amount of data about which information was disseminated on social networks amounted to about 60 thousand records, and not 15 million, as claimed in the publications.

Measures taken

The following measures were promptly taken to eliminate the consequences of the cyberattack:

Further unauthorized access to the information infrastructure has been prevented.;

passwords of users of the OneID Unified Identification System have been reset and updated, and technical security measures have been further strengthened.;

Additional security measures have been implemented in the OneID system, allowing the provision or restriction of the transfer of personal data to other systems only with the consent of the owner.

It was also noted that more than 7 million threats were prevented through the cybersecurity node in 2024, and more than 107 million in 2025, thanks to timely and effective measures.

An analysis of the results of 2025 and a forecast of trends shows that Uzbekistan's cyberspace is not only actively developing, but is also increasingly becoming the target of global threats.

What does the leakage of personal data mean?

The concept of "personal data leak" does not mean that a citizen's personal account has been hacked.

As a rule, we can only talk about obtaining certain information, such as last name, first name, date of birth, address or phone number.

Even with such data, an attacker cannot perform actions on behalf of a citizen without his participation. Therefore, scammers try to get the missing information using various methods of pressure and deception.

For example, a fraudster can call a citizen, introduce himself as a bank employee, give some personal information and inform them that they are allegedly trying to apply for a loan in his name, and then ask him to dictate an SMS code to "cancel the operation."

Psychological pressure and various tricks can be used to obtain codes and logins. In such situations, it is necessary to remain vigilant.

Cyber hygiene: recommendations for the public

The means of protecting the information systems of ministries and departments are constantly being updated and improved, but the personal cyber hygiene of users also plays an important role.

Basic recommendations:

Use complex passwords and change them regularly in OneID accounts, banking applications, email, and government service platforms.

It is recommended to enable two-factor authentication in the OneID system - login confirmation via a mobile application, code, or Face ID.

Do not disclose SMS codes, passwords, and bank card details to persons who call and identify themselves as employees of the bank, security service, medical institutions, or telecom operators.

Do not follow links received in Telegram, other messengers or by e-mail if they raise doubts. Information should be checked through official applications and websites.

Do not trust offers and messages coming from fake accounts, including those using images and videos of famous people created by artificial intelligence.

Data security remains an urgent task for every state and society. It is important to assess the situation calmly and rely on official sources of information.

Compliance with the rules of cyber hygiene can significantly reduce the risks for every citizen.

In order to effectively organize work in this area, media representatives are also called upon to actively conduct explanatory work and disseminate objective information.