Uzbekistan airline hack reveals data on U.S. government employees

A hacker claiming to be “ByteToBreach” allegedly breached Uzbekistan Airways, stealing 300 gigabytes of data including 500,000 passenger email addresses, 2,626 identifying documents from 40+ countries, and information on U.S. government employees from agencies including State Department, ICE, TSA, and CBP. The hacker demanded 150,000 euros ($176,000) in bitcoin from the airline and provided Straight Arrow News with samples containing passports, IDs, birth certificates, and loyalty program data for nearly 380,000 members, with several passengers independently confirming their travel history with the airline. Uzbekistan Airways denied any breach occurred, claiming the leaked data may have been artificially generated using AI and calling the allegations “inaccurate” following internal review of sample materials. Security expert Troy Hunt noted that while both hackers and organizations can lie about breaches, “the truth is always in the data,” as the exposed information poses significant risks for phishing attacks, identity theft, and potential national security concerns given the inclusion of government employee data from multiple countries.​​​​​​​​​​​​​​​​