Dark Web News Analysis
Cybersecurity intelligence dated February 18, 2026, identifies a major breach of Uzbekistan's e-government infrastructure. Between January 27 and 30, three government information systems were hit by coordinated cyberattacks. Early claims on Reddit and hacker forums put the haul at 15 million citizen records, but the official findings announced by Digital Technologies Minister Sherzod Shermatov on February 12 confirmed a narrower, though still serious, scope.
The attack targeted the central OAuth authentication server (OneID), the single sign-on (SSO) gateway for the country's public services. It follows a pattern of escalating attacks on national critical infrastructure, most notably the August 2025 Uzbekistan Airways breach, in which passenger passport data was leaked. The data confirmed exfiltrated so far includes:
- Medical & Social Data: 15,874 records of medical workers from the National Social Protection Agency (IHMA.UZ).
- Law Enforcement PII: 24 photographs and identifying records of Interior Ministry employees.
- Financial Records: 446 mortgage records from the Mortgage Refinancing Company (UZMRC.UZ).
- Demographic Data: A sample of 5,522 records likely exfiltrated from the State Statistics Committee (STAT.UZ).
Key Cybersecurity Insights
The breach of a national e-government gateway represents a “Tier 1” threat with systemic implications for Central Asian stability:
- Cascading Trust Failure via OAuth Compromise: By targeting the central OneID server, attackers struck the trust backbone of the nation's e-government. In a centralized SSO model every agency accepts tokens issued by that one server, so a single flaw in its OAuth implementation yields credentials that every connected agency will honor, turning one compromise into access across the whole estate rather than a foothold in a single system. This mirrors the deep system compromise seen in the Uzbekistan Airways incident.
- The “Bloody Wolf” APT Factor: Independent research has tracked the advanced persistent threat (APT) group Bloody Wolf (Stan Ghouls) conducting sustained operations in the region. Their focus on spear-phishing and NetSupport RAT deployment suggests that the January breach may be part of a larger, state-sponsored or high-level financial espionage campaign.
- Synergistic Identity Theft: Combining the newly leaked medical and mortgage data with the passport data previously leaked from Uzbekistan Airways yields a near-complete identity profile for thousands of citizens. With matching travel documents and residential or employment history in hand, criminals can pass document-based and knowledge-based identity checks that would otherwise stop them.
- Supply Chain and Integration Vulnerabilities: Experts suggest the breach may have been a supply chain attack, in which a vulnerability at a third-party IT vendor used by the e-government platform gave attackers a path to the core authentication server.
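The cascading-trust point above is easiest to see in code. The following is an added example written for this post, not code from OneID or from the Uzbek e-government platform: a toy HS256-signed token issuer standing in for a central SSO server, three relying parties standing in for the agencies named above, and the checks a relying party should make. The issuer URL, agency identifiers, key ids and key material are constructed for the illustration. It shows that a token issued for one agency is rejected by another (the `aud` check), that an attacker holding the issuer's signing key can mint a token every agency accepts, and that rotating the issuer key and refusing unknown `kid` values retires the stolen key everywhere at once.

```python
import base64
import hashlib
import hmac
import json

# Assumed issuer identifier for the illustration; not OneID's real value.
ISSUER = "https://id.example.uz"


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(key: bytes, header: dict, claims: dict) -> str:
    """Build an HS256 JWT (header.claims.signature), as the issuer, or anyone holding its key, would."""
    def enc(obj: dict) -> str:
        return b64url(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = f"{enc(header)}.{enc(claims)}"
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url(sig)}"


class AuthServer:
    """Toy central SSO server: one active signing key at a time, identified by `kid`."""

    def __init__(self):
        self.keys = {}
        self.current_kid = None

    def rotate(self, kid: str, key: bytes):
        self.keys[kid] = key
        self.current_kid = kid

    def accepted_keys(self) -> dict:
        # What relying parties fetch (a JWKS in a real deployment): only the current key.
        return {self.current_kid: self.keys[self.current_kid]}

    def issue(self, sub: str, aud: str, now: int, ttl: int = 300) -> str:
        header = {"alg": "HS256", "typ": "JWT", "kid": self.current_kid}
        claims = {"iss": ISSUER, "sub": sub, "aud": aud, "iat": now, "exp": now + ttl}
        return sign(self.keys[self.current_kid], header, claims)


class RelyingParty:
    """An agency application that trusts tokens from the central server."""

    def __init__(self, name: str, key_source):
        self.name = name
        self.key_source = key_source  # callable returning {kid: key}

    def verify(self, token: str, now: int):
        try:
            h, c, s = token.split(".")
            header = json.loads(b64url_decode(h))
            claims = json.loads(b64url_decode(c))
        except ValueError:
            return False, "malformed"
        if header.get("alg") != "HS256":
            return False, "alg"          # never let the token choose the algorithm
        key = self.key_source().get(header.get("kid"))
        if key is None:
            return False, "unknown kid"  # signed under a retired (possibly stolen) key
        expected = hmac.new(key, f"{h}.{c}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(s)):
            return False, "signature"
        if claims.get("iss") != ISSUER:
            return False, "iss"
        if claims.get("aud") != self.name:
            return False, "aud"          # a token for one agency must not open another
        if claims.get("exp", 0) <= now:
            return False, "expired"
        return True, claims.get("sub")


def demo(now: int = 1_700_000_000) -> dict:
    """Walk through normal use, cross-agency replay, key theft, and key rotation."""
    idp = AuthServer()
    idp.rotate("k1", b"initial-signing-key")  # constructed key material
    agencies = [RelyingParty(n, idp.accepted_keys) for n in ("ihma.uz", "uzmrc.uz", "stat.uz")]

    # Normal operation: a token issued for uzmrc.uz works there and nowhere else.
    legit = idp.issue("citizen-42", "uzmrc.uz", now)
    legit_ok = agencies[1].verify(legit, now)
    replayed = agencies[0].verify(legit, now)

    # Key compromise: holding k1, the attacker mints a valid token for every agency.
    stolen = idp.keys["k1"]
    header = {"alg": "HS256", "typ": "JWT", "kid": "k1"}
    forged = {a.name: sign(stolen, header, {"iss": ISSUER, "sub": "admin", "aud": a.name,
                                             "iat": now, "exp": now + 300}) for a in agencies}
    forged_before = {a.name: a.verify(forged[a.name], now)[0] for a in agencies}

    # Containment: rotating the issuer key retires k1 at every relying party at once.
    idp.rotate("k2", b"rotated-signing-key")
    forged_after = {a.name: a.verify(forged[a.name], now) for a in agencies}
    return {"legit": legit_ok, "replayed": replayed,
            "forged_before": forged_before, "forged_after": forged_after}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The `aud` check stops a legitimately issued token from being replayed from one agency to another, but it does nothing against an attacker who holds the issuer's key, since they simply mint a token with the right audience. That is why the blast radius of a central-server compromise is bounded only by key rotation, short token lifetimes, and relying parties that refuse any `kid` the issuer no longer publishes.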
Mitigation Strategies
To protect your digital identity and your professional profile following this national-scale exposure, the following steps are urgently recommended:
- Immediate Force-Reset of OneID Credentials: All citizens of Uzbekistan should change their OneID passwords immediately. If you were also affected by the Uzbekistan Airways passport leak, ensure you are using a unique, complex passphrase that has never been used on airline or travel portals.
- Activation of Voluntary Credit Ban: Use the Law No. ZRU-1043 service via my.gov.uz to prohibit any loan issuance without your physical presence. This is the most effective defense against the fraudulent microloans currently being taken out against leaked identities.
- Passport Security Awareness: If your data was part of the Uzbekistan Airways breach, be hyper-vigilant regarding any travel or visa-related communication. Attackers may use your leaked passport number to craft convincing “Immigration” or “Tax” lures to steal further financial credentials.
- Implementation of Hardware-Based MFA: Move government administrative accounts off SMS-based 2FA. Require FIDO2/WebAuthn hardware security keys (e.g., YubiKey) for all personnel with privileged access to the OAuth ecosystem; unlike SMS codes, these are phishing-resistant because the key signs a challenge bound to the legitimate origin and cannot be relayed through a lookalike site.
Secure Your Future with Brinztech — Global Cybersecurity Solutions
From agile SMEs and global enterprises to national agencies, Brinztech provides the strategic oversight necessary to defend against evolving digital threats. We offer expert consultancy to audit your current IT policies and GRC frameworks, identifying critical vulnerabilities before they can be exploited. Whether you are protecting a local business or a government entity, we ensure your security posture translates into lasting technical resilience—keeping your digital footprint secure, your citizens’ data private, and your future protected.
Questions or Feedback? For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com