A file with the data of 20 million Ukrainians was leaked on the Internet.
People's Deputy Alexander Fediyenko reported the discovery, in the public domain, of a file/archive with the personal data of about 20 million citizens of Ukraine.
The archive appears online as diia_users_db_2025.zip. According to the MP, it is a consolidated sample from various sources, not just from public services. Part of the array is allegedly published as a «sample», while the full volume is offered for purchase. The database, as described in the media, may contain full name, mobile numbers, e-mail, place of work and other fields; among the records are people who have never used «Diia», which indicates a compilation from different registers/sources. Official confirmation of the scale from the state authorities is still awaited.
What happened
Fediyenko wrote about the possible leak on social media on the morning of 21 September 2025. A number of Ukrainian media outlets reported that offers to sell the array, with an «example» in the public domain, had appeared on the darknet and on thematic forums. The media emphasise that the exact origin of the set has not been established.
What you need to know about the content
According to media publications and the MP, the array contains at least the following fields:
full name;
telephone;
e-mail;
sometimes place of work/position and other reference information.
Fediyenko also emphasised that much of this information could have been previously available in open sources (state registers, leaks from commercial databases), but now it is collected in one array, which increases the risk of abuse.
Is it related to «Diia»?
The file name contains the word diia. However, Fediyenko argues that the array contains data from people who have never used the «Diia» app, so it is more likely a compilation from various sources than a single hack of a particular service. As of the time of publication, there are no official conclusions from the cyber authorities.
Risks
A large consolidated file with contacts makes the following easier for attackers:
phishing (emails/SMS/calls to extort codes and passwords),
SIM-swapping / SIM reissue,
targeted fraudulent calls («employees of a bank/government agency»),
attempts to take out loans or gain access to accounts if additional data is available.
What experts and the media advise
Change the passwords for your mail and important services, and do not reuse the same password.
Enable 2FA (two-factor authentication) wherever possible.
Check bank notifications/subscriptions, and be attentive to calls «from the bank/state services».
Do not follow links from suspicious SMS/emails, and do not share one-time codes.
What's next
We are waiting for comments and verification of the incident from the relevant authorities (State Service of Special Communications and Information Protection, CERT-UA). The editorial team will follow the reports and update the material after the official information on the origin and scale of the array becomes available.
Sources.
UNN; Ministry of Finance; Focus; Obozrevatel; Today.ua; TSN.



