Copies of passports, identification codes, driver's licenses, and vehicle registrations were publicly available in the cloud storage. The data had been collected since 2021 and, according to cyber expert Jake Dixon, had been unprotected for three years.
Copies of passports, identification codes, driver's licenses, and vehicle registrations were publicly available in the cloud storage. The data had been collected since 2021 and, according to cyber expert Jake Dixon, had been unprotected for three years.
Among the nearly one million files are personal information of citizens who bought or sold used cars, including international transactions. Open access allowed anyone to abuse this data — in particular, Russian special services, according to an analytical article by the Kyiv Independent.
“If these documents haven’t already fallen into the hands of attackers, it’s only a matter of time,” said cyber expert Jake Dixon, who discovered the leak back in 2022 and reported it to Ukrainian authorities to no avail. It was only after an appeal by Kyiv Independent journalists in March 2025 that the files were finally secured.
There are currently 992,978 such documents. They all appear to come from technical inspection stations that inspect and certify used foreign cars sold in Ukraine. According to the Ministry of Internal Affairs, Ukrainians buy more than 300,000 such cars per year. Documents collected during such inspections form the basis of the database.
Dixon reported his discovery to Ukrainian authorities, but his warnings fell on deaf ears. CERT-UA, the state cyber command, received a report from Dixon about the problem in 2022, but took no action. The State Special Communications Service, which oversees CERT-UA, said the Ministry of Digital Transformation was likely responsible, but it also denied involvement. At the same time, the inspection stations — the source of the leak — are private entities certified by the Ministry of Community Development. And here too, no one was found responsible.
It seems that no one in the government wants to take responsibility for ignoring this situation. Kyiv Independent notes that they were unable to obtain any specifics regarding the leak of personal data.
In recent months, Ukraine has been under massive cyberattacks, which have affected the work of state institutions and the country's transport logistics. In particular, in December last year, a cyberattack was directed at the Ministry of Justice of Ukraine, when citizens were unable to fully use state services in Ukraine for several weeks.
A week ago, the state-owned railway carrier Ukrzaliznytsia was hit by another cyberattack. As a result of the attack, passengers were unable to purchase tickets online, and it took several days for the system to be restored.
According to the Department of Security of the National Cyber Security Center, Ukraine accounts for 20% of global cyber attacks. Last week, a law was adopted that should help strengthen the country's security in cyberspace.
