Onesec

⚠️ Potential Personal Data Breach

Reports are circulating on social media and the Reddit platform about an alleged database containing personal data of citizens of Uzbekistan. At this time, there is no official confirmation of a data breach, and an investigation is ongoing.

The database may include:
Full name, date of birth, region of residence, address, contact details, passport information, and data related to government services.

❓ What is recommended to do now:
🟡 Change passwords for e-government portals, banking services, and other critical online accounts
🟡 Enable two-factor authentication wherever possible
🟡 Be especially cautious of calls or messages claiming to be from banks or government authorities

Authorized bodies are currently verifying the authenticity of the information, its source, and the potential scope of the data involved.

____

⚠️ Shaxsiy ma’lumotlarning sizib chiqqani ehtimoli

Ijtimoiy tarmoqlar va Reddit platformasida O‘zbekiston fuqarolarining shaxsiy ma’lumotlari bazasi joylashtirilgani haqida xabarlar tarqalmoqda. Hozircha bu ma’lumotlar sizib chiqqani rasman tasdiqlanmagan, tekshiruv olib borilmoqda.

Bazada quyidagilar bo‘lishi mumkin:
F.I.Sh., tug‘ilgan sana, yashash hududi, manzil, aloqa ma’lumotlari, pasport ma’lumotlari, davlat xizmatlariga oid ma’lumotlar.

❓Hozirda nima qilish tavsiya etiladi:
🟡
e-gov, bank va boshqa muhim onlayn xizmatlardagi parollarni o'zgartirish
🟡
imkon bo‘lgan joylarda ikki bosqichli autentifikatsiyani yoqish
🟡
banklar yoki davlat organlari "nomidan" qilingan qo‘ng‘iroqlar va xabarlarga nisbatan e’tiborli bo‘lish

Vakolatli organlar axborotning haqiqiyligini, uning kelib chiqish manbasini va ma’lumotlarning ehtimoliy hajmini tekshirmoqda.

🔗Batafsil: : https://www.gazeta.uz/ru/2026/02/03/darknet/

🔍Why SOC does not see data leaks outside the company
If there is no incident in SOC, it does not mean that there are no risks.

🚰Data leaks are not always related to hacking into corporate infrastructure; often, information leaves the company without any attacks on IT systems, and such scenarios remain outside the SOC's field of vision.

👽The SOC monitors what is happening inside corporate systems:

who is connecting, what actions are being performed, and whether there is any suspicious activity.

If there have been no intrusions, everything is formally considered to be in order, but in practice, data may end up outside the SOC's purview:

➖through external services and platforms

➖through contractors

➖when using corporate access outside the infrastructure

In these cases:

🟡actions are not captured by monitoring systems

🟡automatic alerts do not trigger

🟡there is no formal incident

⚠️ It is important to understand:

threats are not only formed within corporate systems — some of them arise outside of them, even before the SOC can detect them

🔮Cybersecurity predictions for 2026

2026 will bring increased pressure on businesses. Cyber threats will extend beyond IT functions and directly impact companies' finances, reputation, and sustainability.

What is important to consider now:

✔️ Digitalization in Uzbekistan is developing faster than protection systems
✔️ Attacks are becoming more sophisticated due to the use of AI
✔️ Regulatory requirements for information security are tightening
✔️ A formal approach to security no longer works

In 2026, companies that invest in strategy, processes, and people in advance will remain sustainable.

🖥In the carousel: key risks and practical steps for business.

🔮🔮🔮🔮

🔮2026-yil uchun kiberxavfsizlik prognozlari

2026-yil biznesga bosimni kuchaytiradi.
Kibertahdidlar IT-funksiyalar doirasidan tashqariga chiqib, kompaniyalarning moliyasi, obro‘si va barqarorligiga bevosita ta’sir ko‘rsatadi.

Hozirdanoq e’tiborga olish muhim bo‘lgan jihatlar:

✔️O‘zbekistonda raqamlashtirish himoya tizimlariga qaraganda tezroq rivojlanmoqda
✔️hujumlar AI ishlatish tufayli murakkablashadi
✔️AXga nisbatan tartibga solish talablari kuchaytirilmoqda
✔️xavfsizlikka rasmiy yondashuv endi ishlamaydi

2026-yilda kompaniyalar barqaror bo‘lib qoladi, ular strategiya, jarayonlar va odamlarga oldindan sarmoya kiritadilar.

🖥Karuselda: biznes uchun asosiy xavf-xatarlar va amaliy qadamlar keltirilgan.

🛒🎄О новогодних скидках

В преддверии праздников в Instagram, Facebook и Telegram участились случаи мошенничества под видом "новогодних акций" и распродаж.

❕Один из характерных признаков таких схем - оплата на международные карты (Visa, Mastercard)
Как правило, это объясняется нейтрально: "так удобнее", "местная карта временно недоступна", "оплата только таким способом".

После перевода средств связь с продавцом, как правило, прекращается.

✔️Важно учитывать:

❌переводы на международные карты невозможно отследить
✅переводы на локальные банковские системы (Uzcard / HUMO) в ряде случаев можно отследить по персональным данным владельца
❌ фото, видео и голосовые сообщения не являются подтверждением надёжности — чаще всего используется украденный контент
🟡злоумышленники часто действуют с иностранных номеров
🟡фейковые аккаунты, как правило, созданы недавно и используют подозрительные ссылки

⭐Рекомендации:

🔵не переводите предоплату незнакомым продавцам
🔵не переводите деньги международные платежные системы (Visa, Mastercard)
🔵делайте скриншоты переписки с отображением контакта продавца
🔵проверяйте информацию о продавце в открытых источниках
🔵доверяйте только официальным компаниям и магазинам с подтверждённой историей

____

🛒🎄About New Year's discounts

In the run-up to the holidays, there has been an increase in cases of fraud on Instagram, Facebook, and Telegram under the guise of “New Year's promotions” and sales.

❕One of the characteristic features of such schemes is payment to international cards (Visa, Mastercard).
As a rule, this is explained neutrally: “it's more convenient,” “the local card is temporarily unavailable,” “payment is only possible in this way.”

After the transfer of funds, communication with the seller usually ceases.

✔️Important to note:

❌Transfers to international cards cannot be traced.
✅Transfers to local banking systems (Uzcard/HUMO) can in some cases be traced using the owner's personal data.
❌Photos, videos, and voice messages are not proof of reliability — stolen content is most often used.
🟡Fraudsters often operate from foreign numbers.
🟡Fake accounts are usually recently created and use suspicious links.

⭐Recommendations:

🔵Do not make prepayments to unfamiliar sellers.
🔵Do not transfer money via international payment systems (Visa, Mastercard).
🔵Take screenshots of your correspondence showing the seller's contact details.
🔵Check information about the seller in open sources.
🔵Only trust official companies and stores with a proven track record.

Translated with DeepL.com (free version)