The national airline Uzbekistan Airways issued an official statement firmly denying reports about a large-scale data leak circulating on the network. This was reported by Upl.uz.
Information published on the Daily Dark Web resource claimed that an archive of 300 gigabytes containing data of hundreds of thousands of the company's customers had been compromised. These publications alleged that unknown individuals had put Postgres and S3 databases up for sale on a darknet forum.
The archive was said to contain personal data of 400 thousand passengers, partially including bank card numbers, payment and ticket details. Additionally, the approximate database reportedly included over 500 thousand correspondences between passengers and employees, copies of passports of citizens from 40 countries, as well as other personal documents such as driver's licenses.
The authors of the information attached several passport photos to prove their claims. In response, Uzbekistan Airways' press service stated that the company's IT infrastructure is operating normally and no unauthorized access incidents have been recorded.
The official statement emphasized that the security of passengers' and employees' personal data has not been compromised. The airline's statement noted that "the information presented in a number of publications is fake and does not correspond to reality."
The carrier stressed that these data have no connection to real databases. Furthermore, it is suggested that this information may have been artificially created or edited using artificial intelligence technologies, with the aim of creating a false impression that the incident occurred.
Despite the absence of an actual data leak, the company management has initiated an internal service investigation. This measure is being carried out within the framework of information security protocols.
The results of the investigation will be used to further assess the protection level of corporate databases. One of the largest data leaks in aviation history occurred in 2018 at the British airline British Airways.
At that time, hackers stole personal and financial data of 500 thousand customers from the company's website and mobile application, resulting in a substantial fine imposed on the airline.
