Thursday, 12, February, 2026

From January 27 to 30, the information systems of three Uzbekistan government agencies were subjected to cyberattacks, Digital Technologies Minister Sherzod Shermatov announced at a press conference on February 2.

The names of the agencies were not disclosed. As a result of the attacks, approximately 60,000 unique items of personal data were leaked.

Earlier, social media reported a data leak involving 15 million Uzbeks. The ministry stated that this information was false.

According to the minister, the leak does not concern the data of 60,000 individuals, but rather a preliminary estimate of 60,000 unique records (data units), which could include individual details such as last name and first name, date of birth, residential address, telephone number, and other similar data.

"There is no information that the personal data of 15 million Uzbeks is being sold online. 60,000 pieces of data could include five or six pieces of data from a single individual." "We're not talking about 60,000 citizens," he stated, noting that law enforcement agencies are examining the types of data.

The ministry clarified that the "personal data leak" did not refer to the hacking of citizens' personal accounts. It could involve obtaining individual pieces of information, such as last and first names, dates of birth, residential addresses, phone numbers, and other similar data.

After the cyberattack was identified, attempts to gain further unauthorized access to the information infrastructure were promptly curtailed, and technical security measures were strengthened.

Furthermore, additional security measures have been implemented in the Unified Identification System (OneID). Users must now authorize access to their data by banks, telecommunications companies, and other organizations. Thus, responsibility for access to personal data is fully transferred to the user.

Even after obtaining such information, a fraudster cannot impersonate a citizen without their personal participation, the ministry emphasized. Therefore, criminals are trying various methods to obtain the missing data, launching new attacks.

The information obtained can later be used for fraud. For example, an attacker could call a citizen, pose as a bank employee, provide known information, and claim that someone is attempting to apply for a loan in their name, asking them to provide an SMS code to "cancel the request."

According to the Ministry of Digital Development, more than 7 million threats were prevented through Uzbekistan's cybersecurity hub in 2024, and this figure exceeded 107 million in 2025.

Meanwhile, an analysis of the results for 2025 and projected trends shows that Uzbekistan's cyberspace is not only actively developing but also becoming a target for global threats, the ministry stated. Over 200 million cyberattacks are expected in 2026.

Earlier, specialists from the C7 Cybersecurity group of companies analyzed the cyberattack and reported that the attacker's claim of obtaining 15 million records was unverifiable, as only a sample of 5,522 records was provided. However, 24 photographs of Ministry of Internal Affairs employees, entries for 15,874 medical workers from National Agency for Social Protection data, and 446 mortgage records from the financial data of the Mortgage Refinancing Company were verified.

Tens of thousands of people have recently reported receiving messages and calls containing links and requests to share secret codes. All of the above data could have been hacked following the online population census in January.
