On April 1, 2024, the Ministry of Digital Development of Kazakhstan shared details about the results of the investigation into the February data leak. It was disclosed that on February 16, 2024, unknown individuals published materials from one of the hacker groups on GitHub, which included personal data of Kazakhstani citizens dating back to 2019-2022.
The leaked information contained data of Kazakhstani telecommunications operators with subscriber information, as well as mentions of AO "Kazakhtelecom," AO "Unified Accumulative Pension Fund," and AO "Air Astana," as stated by the press service.
A joint analysis of the information security status of mobile operators was conducted by the Ministry, the National Security Committee, and AO "State Technical Service." No new compromise facts were found in their infrastructure.
Specialists confirmed that the companies are safeguarded by domestic operational information security centers. Unscheduled inspections were carried out to ensure compliance with information security requirements for AO "Kazakhtelecom," AO "Unified Accumulative Pension Fund," and AO "Air Astana."
Subsequently, AO "Kazakhtelecom" and AO "Air Astana" were held administratively accountable and issued directives to rectify violations within a year under Article 641, Part 1, Point 2 of the Administrative Offenses Code of Kazakhstan.
Interestingly, no violations were found in AO "Unified Accumulative Pension Fund." The information and communication infrastructure of these organizations are continuously monitored 24/7 to detect and prevent information security incidents, as stated by the Ministry.
The Ministry of Digital Development had announced these unscheduled inspections for Unified Accumulative Pension Fund, Air Astana, and AO "Kazakhtelecom" on March 15, 2024.