The State Technical Service Committee of Kazakhstan revealed details of a personal data leak from the microfinance organization zaimer.kz on March 6, 2024. The infrastructure of zaimer.kz was hacked, leading to the exposure of personal data of two million Kazakhstani citizens, including full names, phone numbers, emails, ID details, addresses, work information, as well as bank card and account details.
The investigation by the State Technical Service revealed that the website of the microfinance organization and IP addresses are based in Kazakhstan, complying with the country's data protection laws. The leak occurred through a hack on the infrastructure of Robo Finance, the ecosystem supporting various microfinance organizations, including zaimer.kz.
To combat the issuance of fake microloans, stricter identification procedures for online microloans have been enforced since May 2021. Clients must now be identified through digital signatures, biometric verification via the National Bank of Kazakhstan's data exchange center, or two-factor authentication in real-time.
The State Technical Service emphasized the serious consequences of data leaks, warning of potential financial fraud if banking details are exposed. They advised individuals to contact their bank to block cards and recommended reporting incidents to the Ministry of Digital Development, Innovation, and Aerospace Industry for further action.
In response, the microfinance organization Robocash.kz denied any hacking attacks on their systems and assured that their services are operating normally with enhanced security measures. Clients were informed that no immediate action was required from their end.
On March 5, 2024, the State Technical Service discovered the leak of over two million Kazakhstani citizens' personal data, prompting investigations and responses from relevant authorities and organizations.
