Uzbekistan’s Bank Faces Cybersecurity Breach, 3 Billion UZS Stolen

A cyberattack has led to the theft of nearly 3 billion UZS from a deposit account at the Jizzakh branch of the Uzbekistan-based Asakabank.

The money was withdrawn through the bank’s mobile application, with the deposit holder accusing the bank’s staff of negligence, while the bank places the blame on the client for security lapses, The Caspian Post reports, citing Uzbek media.

The cyber theft occurred in Jizzakh, where a citizen had deposited a large amount of money at Asakabank’s regional branch.

Documents obtained by Kun.uz reveal that on December 19, 2023, a deposit agreement was signed between the citizen and the Jizzakh regional branch of Asakabank. Under the agreement, the client deposited USD 210,000.

On May 26, 2025, unknown individuals carried out a cyberattack, withdrawing nearly 3 billion UZS from the client’s "On-line UZS Mobile" deposit account via Asakabank’s mobile application.

The citizen claims that Asakabank has failed to fulfill its contractual obligations and alleges that bank employees forged deposit agreements in his name and misappropriated the funds.

The bank staff, on the other hand, argue that the cyber theft occurred due to the client's phone being infected with a virus through an APK file, which allowed the hackers to access the account. In response, the deposit holder emphasized that the funds were withdrawn from a secure account protected by the bank’s two-step verification system, and therefore the responsibility lies with the bank.

As a result, the Jizzakh Region Investigation Department under the Regional Internal Affairs Directorate has launched a criminal case under Article 169, Part 3 (b, v) of the Criminal Code (Theft committed in large amounts or by organized groups) against unidentified individuals. Investigations are currently ongoing.