(4 February 2026 | Source: Podrobno.uz publication)
The National Agency for Social Protection has officially acknowledged a cyberattack on one of its information systems for the first time. The statement came amid discussions of a possible large-scale data leak, which, according to reports on social media, could have affected millions of citizens and key state resources.
WHAT THE AGENCY CONFIRMED
The National Agency for Social Protection (NASP) reported a cyberattack on an outdated database. The agency stated that an investigation is currently underway and that necessary measures are being taken to ensure the security of citizens' personal data. The agency promised to provide further information after the completion of the review.
RESPONSE TO REPORTS OF THE LEAK
In an official statement from NASP, it specifically addressed the information being circulated on social media and on a number of websites. According to the agency, such publications "do not correspond to the factual content of the situation." However, the agency did not specify which data might have been affected or the extent of the breach.
WHAT IS KNOWN ABOUT THE POSSIBLE LARGE-SCALE LEAK
Earlier, reports appeared on social media, including Reddit, about the compromise of the main OAuth server of the E-Government system (E-Gov). This server is used as a trusted authentication centre for websites of government bodies, banks, universities, and commercial organisations.
According to the publication Podrobno.uz, as a result of the incident, data from the systems of the National Agency for Social Protection, the Committee on Statistics and the Mortgage Refinancing Company may have been potentially accessed. It was reported that each record could have contained full name, address, date of birth, phone number, email address, and passport data. It was mentioned that this could involve at least 15 million users.
INVESTIGATION CONTINUES
In light of the reports that emerged, the Cybersecurity Centre announced that it was studying the information about a potential leak of personal data of Uzbek citizens. No official conclusions on the scale and consequences of the incident have been published at this time.