Ukraine’s Ministry of Digital Transformation has refuted reports of a supposed data leak from the government’s Diia app, saying that the files circulating online have nothing to do with the state service.
“Our team conducted an investigation and established that the distributed files are falsifications. They do not originate from Diia’s systems and are not the result of any hack or leak,” explained Vitalii Balashov, Deputy Minister of Digital Transformation for Cybersecurity and Cloud Services.
According to him, the files are a mix of old leaks from commercial sources, which were manually edited and supplemented with fabricated entries to make them look like a “fresh” database. Such manipulation, he added, is a common practice on the black market.
The ministry emphasized that Diia does not store personal data. The system operates on a data-in-transit principle — information is retrieved from state registers at the moment of a user’s request and is not accumulated within the app or the portal.
“We consider the spread of these fake files a coordinated attempt to attack Diia and undermine trust in state digital services,” Balashov stressed.
He also reminded that in March 2024, Diia’s source code was made public and remains open-access, allowing anyone to verify that there are no hidden citizen databases.
Ukrainian cybersecurity expert and Member of Parliament Oleksandr Fedienko has raised the alarm after an archive titled diia_users_db_2025.zip appeared online, containing millions of records of citizens’ personal data.