The Ministry of Digital Development, Innovation, and Aerospace Industry of Kazakhstan has disclosed the findings of an investigation into a microfinance organization called zaimer.kz. The State Technical Service uncovered a breach involving over 2 million personal data records of Kazakhstani citizens who are clients of zaimer.kz. Following the analysis of the leaked data, the affected individuals were identified. The National Information Technologies disseminated notifications and recommendations to citizens via the eGov Mobile app and portal to mitigate any adverse effects of the breach. It was noted that the notification system is currently undergoing a pilot phase and will be fully operational starting from July 1, 2024, in accordance with the amendments to the country's laws on information security, informatization, and digital assets.
The ministry has received more than 5200 complaints related to this incident. A collaborative inspection by the ministry's cybersecurity committee and the Financial Market Regulation Agency resulted in administrative actions against the microfinance organization, culminating in a monetary penalty. Affected citizens are advised to pursue compensation through civil court proceedings. The Ministry recommended that citizens temporarily restrict credit access using the eGov Mobile app and adhere to cybersecurity guidelines available on the ministry's website. It stressed that the collection and processing of personal data must be conducted with the explicit consent of the individual or their legal representative, as mandated by Kazakhstan's laws on personal data protection.
In line with the "Cyber Shield-2" initiative, cybersecurity tips have been formulated to assist individuals in safeguarding their data. These include using strong passwords, keeping software up to date, avoiding suspicious messages and links, utilizing antivirus software, exercising caution with personal information on online platforms, enabling two-factor authentication, and reviewing privacy settings on social media and online services. Additional information on data protection measures can be accessed on the State Technical Service's official website.