The «Diia» team officially commented on the «data drain» of Ukrainians, emphasizing that the portal does not store personal data.
The «Diia» team officially commented on the «data drain» of Ukrainians, emphasizing that the portal does not store personal data.
Yesterday, a message appeared on Facebook from hacker Andriy Baranovich, better known by the nickname Sean Townsend, about a data leak from «Diya». This post is currently unavailable.
Today, «Diia» announced that they conducted an investigation after receiving information about a possible «drain».
«Our team conducted an investigation and established: the distributed files are falsifications and do not originate from Diia’s systems and are not the result of their hacking or leakage,» the press service reported.
«Specifically, the published files are a mix of previously known „leaks“ from commercial sources that have been manually edited and supplemented with fake records to make them look like a „fresh“ database. This is a typical black market practice: old leaks are „freshened“ with fake records to pass them off as a new mass leak and mislead people.»
The fact is that this information is collected from different registers into one array, believes People’s Deputy Oleksandr Fedienko, who also reported on the found data archive called diia_users_db_2025.zip.
«We view the distribution of fake files as a coordinated attempt to attack Diya and undermine trust in government services,» the portal’s press service noted.
«Diia» emphasized that they do not store personal data — the system works on the data-in-transit principle: information is pulled from state registers at the time of request and is not accumulated in the application or on the portal.
In confirmation of this, in March 2024, the code of «Diya» was made public. It is publicly available, and anyone can make sure that there are no hidden databases with citizens’ data in it» — Vitaly Balashov, Deputy Minister of Digital Transformation for Cybersecurity and Clouds.
