A hacker using the alias ByteToBreach has claimed responsibility for breaking into the systems of Uzbekistan Airways, allegedly stealing personal information belonging to hundreds of thousands of people — including employees of several U.S. government agencies. The claim was first reported by Straight Arrow News, which reviewed samples of the leaked data.
What the hacker claims
According to the publication, the data set allegedly includes:
- 503,000 passenger email addresses
- 285 corporate emails linked to Uzbekistan Airways staff
- Personal details of 379,000 members of the airline’s loyalty program, such as names, birth dates, phone numbers, and nationalities
- Passport and ID scans from more than 40 countries
Among those affected, the hacker alleged, are employees of the U.S. State Department, the Department of Energy, as well as staff from ICE, TSA, and CBP.
The attacker is also reported to have demanded €150,000 in Bitcoin from the airline in exchange for withholding further publication of the data.
Airline’s response
Uzbekistan Airways has denied the claims, saying its internal checks revealed no signs of unauthorized access.
«The published information has no relation to our systems and may have been artificially generated or altered to create a false impression of a breach,» the airline said in a statement.
Expert concerns
Cybersecurity specialist Troy Hunt, founder of Have I Been Pwned, noted the complexity of such cases:
«Hackers often fabricate breaches, while companies may also deny genuine ones. The truth is always in the data itself.»
Journalists from Straight Arrow News contacted several individuals whose information appeared in the files. Some confirmed they had indeed used Uzbekistan Airways services, raising further questions about the authenticity of the leak.
