On March 6, 2024, the State Technical Service (STS) of the Committee of National Security of Kazakhstan disclosed details of a data leak at the microfinance organization (MFO) zaimer.kz.
According to the STS, the infrastructure of MFO zaimer.kz was hacked, leading to the exposure of personal data of two million Kazakhstanis, including full names, phone numbers, emails, ID information, addresses, work details, as well as banking card and account information.
The analysis revealed that the website and IP addresses of the MFO were based in Kazakhstan, complying with the country's data protection laws.
The breach occurred through the hacking of the infrastructure of Robo Finance, the ecosystem supporting various MFOs including zaimer.kz.
In response to the incident, the STS emphasized the importance of enhancing borrower identification procedures for online microloans since May 2021.
The STS warned about the serious consequences of data breaches, highlighting the risks of financial fraud and privacy violations.
To protect personal data, the STS recommended immediate card blocking and contacting the Committee on Information Security of Kazakhstan for legal actions.
The breach, affecting over two million Kazakhstanis, underscores the critical need for robust cybersecurity measures in the financial sector.