Massive data leak: Ukrainian IDs, other documents exposed by years of cyber negligence
Shoddy cyber security at Ukrainian vehicle inspections has exposed hundreds of thousands of personal documents for the past four years.
Largely scans of passports, taxpayer identification numbers, driver's licenses and vehicle registrations, the documents span a broad stretch of Ukrainian geography and demography. Mostly, they identify people who were buying or selling used cars internationally.
Up until April 1, the documents were available, unprotected and unencrypted, on a server of one of the largest cloud storage providers in the world that, though tough to get to for regular users, is easy enough to find for bad actors.
'If it hasn't already been accessed, it's just a matter of time before it is and can be abused to ruin a lot of people,' says cybersecurity and access management specialist Jake Dixon, who spotted the documents. 'And I know that there are teams of people in Russian intelligence and Russian cyber commands that are looking for stuff like this.'
The earliest documents date to the start of 2021. Dixon found them and informed Ukrainian authorities back in April 2022, but said it went nowhere. Only now, three years later, once contacted by the Kyiv Independent, authorities appear to have started securing them.
The documents in question currently number 992,978. They all seem to come from vehicle inspection sites, which check and certify used foreign cars sold into Ukraine. Ukrainians buy upwards of 300,000 such vehicles per year, per Interior Ministry data. Documents gathered for those vehicle inspections form the core of the database.
Many of the documents are relatively harmless, like photos of cars and receipts for transactions, or certifications themselves. But the database includes core identifying documents like passports and taxpayer cards (similar to a U.S. Social Security Card) for likely tens, and possibly hundreds of thousands of Ukrainians, as well as foreign entities who sold cars into Ukraine. Unprotected, it was a ripe target for identity theft. There is no way of knowing the extent to which it has been accessed or what data has been taken from it.
As of publication, the most recent batch was uploaded on March 11. The earliest documents date back to the beginning of 2021. On April 1, 2025, what seems to be all of them were taken private.
The data leak comes as Ukraine has been — in theory — on high alert about cyber security for over three years.
Formerly public data for many Ukrainian services have gone dark since Russia's full-scale invasion. This is in large part out of concerns that Russian intelligence or hackers will use information from sources like property registries to locate, blackmail and extort Ukrainians.
At the same time, personal data of thousands of Ukrainians have been endangered through what appears to be sloppy security at vehicle inspections centers. The centers are private businesses certified by the Ministry of Development of Communities and Territories that provide inspections of the condition of a car — a government requirement when a car is brought into Ukraine from abroad.
The cloud storage provider in question is regarded as a highly secure system for data management. However, that is not the case when the data collected is not protected by basic security like a password. For obvious security reasons, the Kyiv Independent is not including links to the cloud server containing the documents in question.
However, it's relatively easy for individuals with fairly cheap specialty software to navigate it and find the documents. Dixon himself located the bucket using software that scans for sensitive data left vulnerable, software that he says certainly exists in Russia and elsewhere.
Scanning for unsecured personal documents has been 'a risk since people started moving to the cloud. It's something that threat actors actively watch,' says Dixon. 'I would be surprised if it hasn't been discovered by someone else in the frame of time since I discovered it. And they're still uploading files to this container.'
The way the data in question is arranged makes it more complicated to use en masse, or search through for names of specific people listed. It is, however, easy to go through and find individual identifying information for random individuals.
'I think there was a drive for digitization and this (system) just got pushed because someone needed access to this data quickly, and then some connection got opened, some configuration got changed. It's just been sitting there ever since, collecting,' Dixon described the exposed batch of documents.
Dixon warned Ukrainian cyber authority the Computer Emergency Response Team of Ukraine, or CERT-UA, of the exposure back in 2022, per emails reviewed by the Kyiv Independent. After responding to Dixon asking for more information, CERT-UA went quiet for, apparently, three years.
Anton Kobyliansky, a representative for the State Special Communications Service which oversees CERT-UA, told the Kyiv Independent that the responsibility for both was 'cyber incidents,' which did not include this leaked data. Kobyliansky said this data was likely the responsibility of the Ministry of Digital Transformation and declined to comment.
The Ministry of Digital Transformation is the agency that launched Diia, a mobile application that digitizes government services and documents. Announced in 2019, Diia launched in early 2020 with passports and driver's licenses the first documents to be digitized. Viktoriia Savchenko, a representative for the Ministry of Digital Transformation, similarly denied her agency's responsibility for the data involved.
The documents come from a number of privately-owned Ukrainian vehicle inspection centers, almost all relating to government-mandated certificates for the import of used vehicles. A number of phone numbers for service centers listed including Center Auto and AutoTechnoServis were dead.
A staffer for Euro-Center, one of the inspection centers that appear most frequently in the leak, did not return a request for comment when reached. The contact number for another servicer, VK-Auto, hung up on the Kyiv Independent, when asked about the data leak.
The government authority licensing the vehicle inspections stations is the Ministry of Development of Communities and Territories, previously called the Ministry of Infrastructure. When reached, Ruslan Kyrychenko, head of the Technical Regulation Department of the Road Transport and Safety Department within the ministry, said: 'We note that the vehicle inspection centers do not report to the Ministry of Development.'
Currently, Ukrainian government data is heavily centralized. A hack that came to light in December took the bulk of Ukraine's federal government registries offline for weeks, stalling services ranging from incorporation to vehicle sales to marriage registration.
Responsibility for that government data is, however, thoroughly dispersed.
The Kyiv Independent contacted the relevant authorities on March 26 — including the above, representatives for Ukraine's State Security Service and the Ministry of Justice.
All denied ownership of the data. Yet, after repeated follow-up, the data on the server began to go private on April 1, 2025 — just shy of three years after Dixon, an Irish national living in Estonia, first reported the problem to Ukrainian authorities. As of publication, none of the officials contacted would acknowledge involvement in taking the data offline, but someone was clearly responding to inquiries.
'Sloppy,' says fellow cybersecurity specialist and sometimes hacker on behalf of Ukraine Karla Wagner, upon reviewing the open data. 'There's a high probability that someone set this up in a hurry, perhaps even deployed a demo, with data replication turned on by default, and they didn't take the time to secure it.'
It is not complicated to make one of these databases private, or guard it with a password.
'These days, whenever you go into that configuration, it comes up with a big warning saying, 'do not leave this as public' because of how many times this has occurred for people,' says Dixon.
'It shouldn't be open like this, especially in a time of war.'
Hi, this is Kollen, the author of this article. Thanks for reading. Ukrainians' responses to Russia's invasion showcase a society that is deeply resilient and inventive, despite pullbacks in aid. If you like reading stories highlighting those features from on the ground, please consider supporting our work by of the Kyiv Independent.
Read also: '89 hours of non-stop work' — Ukrainian Railways' battle against a cyberattack by 'the enemy'
We've been working hard to bring you independent, locally-sourced news from Ukraine. Consider supporting the Kyiv Independent.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Boston Globe
24 minutes ago
- Boston Globe
Russia pummels Kharkiv with drones and bombs, Ukraine says
On Saturday afternoon, Russia dropped two more glide bombs on the city, killing at least one more resident and injuring at least 16 others, Terekhov said. Advertisement Photographs released by Ukraine's emergency services showed the upper floors of a residential block ablaze after the overnight strike, with white smoke pouring into the early morning sky. In other images, rescuers sifted through the charred wreckage of a gutted apartment. Parts of the photos were blurred, likely to hide the remains of two people killed in that strike, according to the rescuers. A third person died elsewhere in Kharkiv, and about 20 others were injured in the assault. Advertisement The local prosecutor's office said Saturday afternoon that six people were most likely still trapped under the rubble of an industrial facility in Kharkiv that was struck during the overnight attack. The attacks Saturday came as Russian forces about 100 miles north of Kharkiv pushed deeper into Ukraine's northeastern Sumy region, seizing two more villages and advancing their effort to carve out a buffer zone along the Russia-Ukraine border. Even in Kharkiv, a city of 1.3 million that over the years has learned to live with near-daily Russian bombardments, Saturday's attacks were a clear sign of Russia's strategy to intensify air assaults in a bid to overwhelm and break through Ukraine's air defenses. They came just a day after Russia launched one of its biggest air assaults of the war across Ukraine, involving more than 400 drones and more than 40 missiles, in what Russia described as retaliation for Ukraine's audacious attacks on its strategic bomber bases last weekend. President Donald Trump this past week compared the dual air assaults between Russia and Ukraine to 'two young children fighting like crazy.' 'They hate each other, and they're fighting in a park, and you try and pull them apart,' Trump said Thursday in an Oval Office news conference. 'They don't want to be pulled. Sometimes you're better off letting them fight for a while and then pulling them apart.' In an interview with ABC News released Friday, Ukrainian President Volodymyr Zelenskyy responded to the comment. 'We are not kids with Putin at the playground in the park,' he said, referring to Russian President Vladimir Putin. 'He is a murderer who came to this park to kill the kids.' In April, a Russian missile struck a playground in Zelenskyy's hometown, Kryvyi Rih, killing 19 civilians, including nine children. It was the deadliest strike against children since the beginning of the war, according to the United Nations. Advertisement Russia's intensified attacks have come alongside a new offensive in the east and in the northeastern Sumy region. The push into Sumy follows Russian forces driving Ukrainian troops back from parts of Russia's Kursk region, just across the border from Sumy. To prevent future incursions into Kursk, Putin announced last month that Russian forces would launch an offensive in Sumy to create a buffer zone along the border. In the past three weeks, Russian troops have seized about 10 villages in the area, gaining control of roughly 75 square miles of territory. 'It's clear this is already an offensive on Sumy region -- a full-scale offensive,' said Andrii, a 44-year-old company intelligence commander fighting there who declined to be identified with his full name for security reasons and due to military protocol. He said he saw the offensive not only as an effort to establish the buffer zone that Putin called for, but also as a strategy to pin down Ukrainian forces and prevent their redeployment to other front-line hot spots in the east. Andrii said Russian troops were currently pushing toward the village of Khotin, 6 miles from the border. If they seize it, he warned, the situation could turn critical. Khotin sits on high ground and lies less than 12 miles from the city of Sumy, the regional administrative center, close enough for Russian forces to strike it with drones and artillery. Sumy is home to about 250,000 people. More than 200 villages and settlements have been evacuated from the Sumy region over the past year because of the fighting. Advertisement This article originally appeared in
Yahoo
an hour ago
- Yahoo
Zelenskyy: Over 40 injured in Kharkiv, these are not "retaliatory" strikes
One woman was killed and more than 40 were injured in a Russian attack on Kharkiv with guided aerial bombs on Saturday 7 June. Source: Ukrainian President Volodymyr Zelenskyy on Telegram and in the evening address Quote: "As of now, more than 40 people were reportedly injured and one killed in Kharkiv as a result of a Russian guided aerial bomb attack. Another brutal murder. Aerial bombs on civilians in the city – even near a children's railway. This makes no strategic sense. It is pure terrorism. And it has been going on for more than three years of full-scale war. This cannot be ignored. We cannot turn a blind eye to it. And this is not a game. Every day we lose our people only because Russia feels it has impunity. We need to force Russia to make peace." Updated: In his evening address, Zelenskyy said that "no matter what anyone says, these are not 'retaliatory' Russian strikes, but strikes aimed at destruction, the complete destruction of life." Zelenskyy stressed that no form of pressure on Russia should be weakened – neither the measures that have already been applied nor the methods of pressure that are being prepared. "We are working to increase Ukrainian air defence. We need positive signals from the US, specific signals on air defence. We are still waiting for a response to the offer to buy systems that can help," he said. Background: At around 17:35, Russia attacked the Shevchenkivskyi and Kyivskyi districts of Kharkiv with four guided aerial bombs. A 30-year-old employee of Ukrzaliznytsia (Ukrainian Railways) was killed and at least 18 other people were injured. Four of the victims are employees of Ukrzaliznytsia. The attack damaged two buildings of a children's railway and four railway carriages, as well as houses and an outbuilding. Support Ukrainska Pravda on Patreon!
Yahoo
an hour ago
- Yahoo
Operation Spider's Web: Germany estimates that Ukraine damaged 10% of Russian strategic aircraft
Ukraine's drone attack on Russian airfields on 1 June probably damaged about 10% of Russia's strategic bomber fleet, German Major General Christian Freuding has said. Source: Freuding in a podcast, as reported by European Pravda, citing Reuters Quote: "According to our assessment, more than a dozen aircraft were damaged, TU-95 and TU-22 strategic bombers as well as A-50 surveillance planes." Details: According to the general, who coordinates Berlin's military assistance to Kyiv and works closely with the Ukrainian Defence Ministry, the A-50s, which have a similar function to NATO's AWACS aircraft in providing air surveillance, were probably not in working order. "We believe that they can no longer be used for spare parts. This is a loss, as only a handful of these aircraft exist," he said. "As for the long-range bomber fleet, 10% of it has been damaged in the attack according to our assessment," Freuding added. The United States estimates that the daring Ukrainian drone attack hit up to 20 Russian warplanes, destroying about 10 of them, two US officials told Reuters. Experts say it will take Moscow years to replace the affected aircraft. Despite the losses, Freuding sees no immediate reduction in Russian strikes on Ukraine, noting that Moscow still retains 90% of its strategic bombers, which can launch ballistic and cruise missiles in addition to dropping bombs. "But there is, of course, an indirect effect as the remaining planes will need to fly more sorties, meaning they will be worn out faster, and, most importantly, there is a huge psychological impact," he said. Freuding said that Russia felt secure in its vast territory, which also explains why the aircraft were not well protected. "After this successful operation, this no longer holds true. Russia will need to ramp up the security measures," the general said. Background: On 1 June 2025, the Security Service of Ukraine (SSU) carried out a special operation codenamed Pavutyna ("Spider's Web"), hitting Russian strategic jets at four airfields. SSU head Vasyl Maliuk stated that 34% of strategic cruise missile carriers at Russia's main airfields had been destroyed. The SSU said the estimated cost of the equipment destroyed as a result of Operation Spider's Web is over US$7 billion. A senior NATO official called the operation the most successful one yet. The Alliance estimated that at least 40 aircraft were damaged. Between 10 and 13 aircraft were completely destroyed. Ukrainian President Volodymyr Zelenskyy has emphasised that the security services used exclusively Ukrainian weapons in this operation and did not use equipment from allied warehouses. Support Ukrainska Pravda on Patreon!
