60,000 Records Exposed in Cyberattack on Uzbekistan Government

The recent Uzbekistan breach illustrates a common reporting pitfall: conflating the number of data records with the number of affected individuals. A single record can contain multiple personal attributes, so 60,000 units may represent fragments of many citizens rather than full profiles. By correcting the narrative, the ministry not only restores credibility but also educates the public on how data exposure is measured, a nuance often lost in viral social‑media claims.

Uzbekistan’s cyber landscape is evolving rapidly. Government reports show a jump from 7 million blocked threats in 2024 to over 107 million in 2025, with projections exceeding 200 million attempts in 2026. This surge mirrors global trends where digital transformation expands the attack surface for nation‑states and organized crime. As e‑government portals, financial services, and identity systems become more interconnected, they attract sophisticated actors seeking to exploit any misconfiguration or outdated protocol.

In response, authorities have hardened the OneID platform, requiring explicit citizen consent before banks or telecoms can access personal data. While this shift improves control, it also raises awareness of social‑engineering tactics that can leverage even limited leaked details. The incident serves as a reminder that transparent communication about breach scope is as vital as technical defenses, helping to maintain public trust while the nation builds a more resilient cybersecurity posture.