An expert, contrary to the authorities’ statements, believes that Ukrainians’ data was stolen from Diia profiles

The personal data of millions of Ukrainians, reportedly being sold according to MP Oleksandr Fediyenko, was stolen from user accounts of the “Diia” application.

This was stated by cybersecurity expert Kyrylo Vazhnytsky on his Facebook page.

According to him, the data came specifically from profiles of the portal, not the mobile application.

“I and Shon Townsend (a Ukrainian cybersecurity specialist) checked independently of each other using different markers and agreed on the source,” Vazhnytsky noted.

The expert clarified that the leaked data was updated as of early 2025. The dataset contains 1 million records, of which 983,300 belong to real tax residents of Ukraine. About 16,700 more records are test data and artifacts that appear when logging into Diia with a legal entity’s key. According to Vazhnytsky, there is no reason to believe that the volume offered for sale covers all compromised data.

He also drew attention to the fact that the “createdAt” field in the leaked database actually indicates the date the profile was updated — which does not always happen at the user’s initiative, but sometimes automatically when other registry entries are changed.

“The original structure of the fields was altered, the data most likely was not. Whoever merged the three name fields into one ‘FIO’ (and even changed the order) and messed up the date format into the idiotic DD.MM.YYYY — a nail should be hammered into their head,” Vazhnytsky remarked.

Shortly after, Vazhnytsky posted another update on the data leak, claiming the published database shows a “100% sign of imitation of updates,” and that most likely the “sellers” do not actually possess a “significant amount” of confidential information.

Meanwhile, the Ministry of Digital Transformation denies that Ukrainians’ data was stolen from Diia.

The agency stated that the files published online are “a mix of previously known leaks from commercial sources, manually edited and supplemented with fake records to make them look like a fresh database.”

“This is a typical black-market practice: old leaks are refreshed with fake data to pass them off as a new large-scale breach and mislead people,” the ministry said.

“We consider the distribution of fake files to be a coordinated attempt to attack Diia and undermine trust in government services,” the ministry added.