Data protection and transparency are DREAM’s priorities — no breach or data leak has occurred

Several russian Telegram channels are spreading false information about an alleged "hack" of the DREAM electronic platform.

We emphasize: the data being portrayed as “leaked” is, in fact, open data. It is publicly accessible to anyone via the DREAM system’s open API (Application Programming Interface), which is documented on the platform’s public portal.

Similar manipulations were previously used regarding the Prozorro and Prozorro.Sale systems, which were also subjects of comparable false claims. Openness is one of the core principles behind DREAM. Open data is actively used by civil society organizations, journalists, analysts, and private services to enhance transparency and efficiency in managing public investments.

We assure you: there has been no leak of personal data, nor any technical or infrastructural breach of the system. User data, project information, donor records, and contacts remain fully protected.

In early 2025, as part of cooperation with the European Commission and the EU4PFM project, the international company EY conducted an independent IT audit of the DREAM system. The audit assessed compliance with global best practices for software, information, and infrastructure security of IT systems, as outlined in the Application Security Verification Standard (OWASP ASVS). It covered all key control areas, including data security, internal networks, infrastructure, monitoring services, and access control.
 

The audit confirmed the platform's reliability and high level of compliance, particularly in safeguarding information assets. All identified potential vulnerabilities were addressed as part of this year’s system update cycle.

We urge media outlets, analysts, and the public to rely only on verified sources of information and to refrain from spreading narratives that are part of information attacks by the aggressor state.