Links to several resources, including those on the dark web, were published on Reddit, claiming to contain data from Uzbek government information systems. This data may include the personal information of 15 million Uzbek citizens.

The Cybersecurity Center commented on the situation on February 3.

"Reports are circulating on social media that personal data of Uzbek citizens has been leaked from some government information systems. An investigation is currently underway, and additional information will be provided based on the findings," the center stated.

The public is requested not to disclose their personal information to others and to use complex logins and passwords when accessing government and other electronic information systems.

Furthermore, citizens are asked to refrain from entering their data via suspicious links.

Amid discussions on social media about the possibility that population and agricultural census data may have been leaked, the National Statistics Committee also commented on the situation.

"All data collected during the online population and agricultural census conducted from January 15 to 31 is securely stored in encrypted form on a separate server. There is no cause for concern regarding the security of fellow countrymen’s personal information related to the census," the Statistical Committee noted.

Director of the corporate cybersecurity company ONESEC, Dmitry Paleev said that this could be an attack on the supply chain."

He emphasized the need to await the completion of the investigation being conducted by the competent authorities and information system owners.

"The actual threat may be greatly exaggerated and inaccurate," noted Dmitry Paleev.

He believes that logins and passwords, email addresses, phone numbers, user photos, passport information, and government service data may have been compromised.

Accordingly, users must first change all passwords for their information systems and enable two-factor authentication. Government agencies will also be required to determine when and how the unauthorized actions were committed, compile a complete timeline of events, and patch any vulnerabilities identified.

Dmitry Paleev emphasized that the authenticity of the published data should be determined solely by system owners and relevant authorities through an investigation.

Regarding the scope of the leak, the expert stressed: "Normally, this data is often greatly inflated and pieced together from various sources, including old data and data collected from various systems. Determining the actual volume of leaked data without a comprehensive investigation is impossible."

The expert believes that this case may not be a single isolated data leak, but rather an attack on the supply chain. This type of attack, he said, is common among cybercriminals: compromising one resource allows access to other systems connected to it through integrations or located on a common network and infrastructure.