Uncovered Information on a Data Breach Impacting 16 Million Residents in Kazakhstan

Uncovered Information on a Data Breach Impacting 16 Million Residents in Kazakhstan

In a bid to enhance personal data security and prevent future digital leaks, Kazakhstan has recently adopted a series of reforms aimed at strengthening its data protection regulations. The key changes, enacted in December 2023, empower state authorities to oversee compliance with personal data protection laws, limit personal data collection, and encourage ethical hacking to identify vulnerabilities in e-government systems [1].

One of the most significant reforms is the legalization of white hat hackers, who can now participate in the country's bug bounty program, voluntarily identifying security flaws in e-government systems [1]. This proactive approach is expected to boost the detection and mitigation of security flaws.

The new laws also introduce new administrative offenses, with violations of personal data protection legislation now subject to penalties ranging from 30 monthly calculation indexes (MCI) to 2,000 MCI, approximately between 117,960 tenge (US$217) and 7.9 million tenge (US$14,553) [2].

These measures are not just reactive, but also aim to prevent future data breaches. Regular independent penetration tests, connecting organizations to sectoral cybersecurity centers, and participation in bug bounty programs are key measures to safeguard against such incidents [3].

The recent data leak, confirmed to contain outdated information dating back to 2022, has reaffirmed the need for real-time monitoring and auditing of database access, regulation of rules for sharing personal information between organizations, promotion of a culture of information security, and tightening of the legislation and regulatory requirements related to the storage, processing, and protection of personal data [4].

Cybersecurity expert Bekarys Kabi offers several tips for individuals to protect their personal data, including using strong passwords, enabling two-factor authentication, regularly monitoring activity in banking apps and government services, being cautious when sharing personal data, and staying informed about potential data leaks [5].

The ongoing efforts to strengthen data protection in Kazakhstan are not isolated. The country is also considering regulations addressing AI and data usage to ensure protection against misuse, with laws restricting manipulative AI behavior, unauthorized biometric data use, and unconsented remote real-time identification in public spaces [3].

As cybersecurity becomes a strategic necessity, the number of cyberattacks and the development of AI technologies are expected to increase in 2025, requiring companies not only to implement advanced solutions but also to train personnel capable of responding quickly to threats [6].

Furthermore, amendments to laws on personal data protection and informatization are currently under review by the Mazhilis, a lower chamber of the Kazakh Parliament, aiming to enhance the legal framework and establish new mechanisms for ensuring information security at state-owned informatization facilities [7].

The recent data leak is not the first one in Kazakhstan; several high-profile data breaches have occurred previously. However, the ongoing efforts suggest a commitment to addressing these issues and ensuring the protection of personal data for Kazakh citizens [8].

References:

[1] ZdNet. (2023). Kazakhstan legalizes white-hat hacking as part of bug bounty program. [online] Available at: https://www.zdnet.com/article/kazakhstan-legalizes-white-hat-hacking-as-part-of-bug-bounty-program/

[2] Kazpravda. (2023). Kazakhstan adopts new law on personal data protection. [online] Available at: https://kazpravda.kz/ru/news/society/view/kazahstan-adoptiroval-novyi-zakon-o-zashchite-lichnyh-dannyh-2023-12-07

[3] The Diplomat. (2023). Kazakhstan's Data Protection Regulations: A Comprehensive Overview. [online] Available at: https://thediplomat.com/2023/12/kazakhstans-data-protection-regulations-a-comprehensive-overview/

[4] Astana Times. (2024). Kazakhstan's data leak highlights need for stronger cybersecurity. [online] Available at: https://astanatimes.com/2024/06/kazakhstans-data-leak-highlights-need-for-stronger-cybersecurity/

[5] Astana Times. (2024). Expert offers tips to protect personal data amid data leak. [online] Available at: https://astanatimes.com/2024/06/expert-offers-tips-to-protect-personal-data-amid-data-leak/

[6] The Diplomat. (2024). Cybersecurity in Kazakhstan: A Strategic Necessity for 2025. [online] Available at: https://thediplomat.com/2024/12/cybersecurity-in-kazakhstan-a-strategic-necessity-for-2025/

[7] Astana Times. (2024). Parliament to review personal data protection laws. [online] Available at: https://astanatimes.com/2024/10/parliament-to-review-personal-data-protection-laws/

[8] The Diplomat. (2024). Kazakhstan's Data Protection Regulations: A Comprehensive Overview. [online] Available at: https://thediplomat.com/2023/12/kazakhstans-data-protection-regulations-a-comprehensive-overview/

1. Kazakhstan's focus on cybersecurity extends beyond data protection to include AI and data usage, aiming to prevent misuse and unauthorized biometric data use.
2. To combat cybercrime, the country is also considering regulations restricting manipulative AI behavior and unconsented remote real-time identification in public spaces.
3. In addition to strengthening corporate cybersecurity, personal-finance management is important for individuals to protect their data, including using strong passwords, enabling two-factor authentication, and monitoring activity in banking apps and government services.
4. Amidst ongoing efforts to ensure data protection, Kazakhstan's educational sector emphasizes self-development and staying informed about potential data leaks to promote a culture of security.
5. Aside from cybersecurity, the country's data regulations also address home-and-garden matters, such as the regulation of rules for sharing personal information between organizations.
6. In the rapidly evolving world of technology, businesses are expected to invest in advanced solutions and train personnel to respond quickly to cyber threats, with the number of attacks predicted to increase in 2025.
7. Finance plays a role in Kazakhstan's cybersecurity efforts, as administrative offenses for violations of personal data protection laws carry penalties ranging from small fines to significant sums, contributing to the general-news coverage in the country.

Read also: