Hacker claims data breach of Uzbekistan Airways, company denies
A threat actor using the alias "ByteToBreach" has claimed responsibility for a data breach of Uzbekistan Airways, allegedly exposing sensitive personal information belonging to hundreds of thousands of passengers, including employees of multiple U.S. government agencies.
The incident has created controversy as the airline categorically denies any breach occurred, claiming the purported data may have been artificially generated using advanced technology.
According to the hacker's claims, the compromised data originated from Uzbekistan Airways' Amazon Web Services S3 cloud storage and PostgreSQL database systems. The breach allegedly includes:
- Email addresses of over 500,000 passengers
- Email addresses of approximately 400 airline employees
- Personal information of 379,603 loyalty program members (names, genders, birthdates, nationalities, phone numbers, member IDs)
- Scanned passport documents from over 40 countries including the U.S., Russia, Israel, the U.K., and South Korea
- Partial credit card information and financial transaction details
- Driver's licenses, birth certificates, and marriage licenses
- Corporate credentials for critical systems including Amadeus airline software, IMAP accounts, AWS S3, and Docker systems
- Internal correspondence and communications
The hacker has not disclosed the nature of the attack.
Analysis of the purported data revealed email addresses and personal information belonging to personnel from the State Department, Department of Energy, Immigration and Customs Enforcement (ICE), Customs and Border Protection (CBP), and the Transportation Security Administration (TSA). Employees of foreign government agencies from countries including Russia, Uzbekistan, and the United Arab Emirates were reportedly included in the compromised data.
To verify the authenticity of the claims, Straight Arrow News contacted several individuals whose information appeared in the data samples. Responses included confirmation from affected passengers, with one Russian traveler providing documentation of a June flight from Tashkent to Moscow, and a Japanese passenger confirming membership enrollment in the airline's loyalty program. When contacted, an apparent TSA employee answered the phone using the first name listed in the hacked data and confirmed their government position before declining further comment and referring inquiries to the Department of Homeland Security.
The hacker has demanded payment of 150,000 euros (approximately $176,000) in Bitcoin from Uzbekistan Airways in exchange for not selling the data to other cybercriminals. Screenshots allegedly showing email exchanges between the hacker and airline personnel indicate that company employees acknowledged receiving attachments containing identity documents taken from the airline's cloud storage systems.
Uzbekistan Airways has issued a categorical denial of any security incident, releasing an official statement on its website rejecting all breach allegations. The airline stated that there had been no "unauthorized access to our information systems or any compromise of personal data belonging to passengers or employees." The company suggested that the data samples presented as evidence could have been "artificially generated" using modern technology to create a false impression of a cybersecurity incident.