- EURASIAREVIEW.COM - A la une - 03/Jul 22:50

Kazakhstan Confronts Major Data Leak In High-Stakes Security Crackdown

By Andrei Matveev (TCA) -- A detective thriller worthy of a Hollywood script is quietly playing out in the daily lives of Kazakhstani citizens, one with implications for nearly every household. At its core lies the largest leak of personal data in Kazakhstan’s history, unfolding across Almaty and Astana. The incident touches on something deeply personal: data that could be weaponized by fraudsters for illicit gain. Sixteen Million Records Exposed In early June, the Telegram channel SecuriXy.kz, known for its cybersecurity reporting, revealed a massive breach of Kazakh citizens’ personal data. “A CSV file containing the personal data of Kazakh citizens, containing 16.3 million lines, has been discovered. The table contains the following fields: Last name, First name, Middle name, Gender, Date of birth, ID number, IIN [Bank Identification Number], Mobile phone number, Work phone number, Home phone number, Citizenship, Nationality, Address, Confirmed address, Start and end dates of residence,” the channel stated. The analysis identified 16,302,107 records, 16.9 million unique phone numbers, and 15,851,699 unique individual identification numbers (IINs), the number of citizens whose information had been compromised. “The ‘address’ field often contains the addresses of dental clinics, polyclinics, the Tax Committee, universities, and other organizations,” the channel noted. The leak included highly sensitive personal data such as contact details and IINs, which the channel warned could be used for: “Phishing, social engineering, document forgery, and telephone fraud.” The data appears to have been compiled over a significant period. SecuriXy.kz reported that, “Most of the records were entered into the system after 2011,” with over two million added in 2022 alone. Data from 2023-2024 also appears, underscoring the leak’s relevance. The revelation sparked swift reactions from officials. The Ministry of Digital Development, Innovation, and Aerospace Industry (MCIAI) released a statement confirming an investigation in collaboration with law enforcement and intelligence agencies. “It should be noted that the initial analysis indicates that the information may have originated from private information systems. No hacker attacks or leaks of personal data from state information systems have been recorded at this time. It is premature to draw final conclusions or confirm the accuracy of the information until the investigation is complete,” the ministry stated, adding that similar past incidents often involved outdated data compiled by service sector firms or microfinance institutions. “The ministry is monitoring the situation,” the authorities concluded. “Additional information will be posted after the investigation is complete.” Cybersecurity experts, however, were less dismissive. Enlik Satieva, vice president of the TSARKA Group, a cybersecurity firm affiliated with the government, stressed the seriousness of the breach. “These are not just names,” she stated. “The published database contains the most important personal data of citizens. In particular, it includes surnames, first names, patronymics, gender, dates of birth, IINs, citizenship, nationality, residential addresses, registration and residence periods, as well as mobile, home, and work phone numbers.” Satieva suggested that some of the data may have been sourced from medical organizations, and that the leak might stem from a specific entity or multiple sources linked through IINs. Criminal Case and Contradictions On June 18, Digital Development Minister Zhaslan Madiyev reiterated to journalists in the Mazhilis that the leaked data was not current. “This is not recent data; there has been no hacking of recent state databases. This is most likely ‘historical’ data that was previously leaked and is now available on the darknet. When it appears on any Telegram channels, we block it, and there have been minor updates to this data. This data dates back to May 1, 2024, and there have been no recent leaks,” he said. One day later, Deputy Prosecutor General Galymzhan Koigeldiyev confirmed the opening of a criminal case. Though officials have attempted to downplay the leak, enforcement agencies were already at work. On June 9, prior to the public revelation, Kazakhstan’s cybercrime department and the National Security Committee dismantled a network selling personal data online. “The information was obtained from state databases and distributed through Telegram channels, including to individual debt collection companies. More than 140 people have been detained, including the owners of the company and the channel administrators. Five suspects were arrested. During searches of the debt collection companies, more than 400 items of computer and other electronic equipment were seized,” Zhandos Suinbay, head of the Interior Ministry’s cybercrime unit, stated. High-Profile Arrests: The ‘Big Fish’ In a separate but potentially related case, the Financial Monitoring Agency announced the arrest of senior officials during the handover of a $75,000 bribe in Almaty. The detainees were identified as Ruslan Omarov, general director of First Credit Bureau LLP, Akmaidi Sarbasov, head of the Labor Resources Development Center, and former first deputy labor minister, and Daulet Argyndykov, former head of the same center and ex-deputy health and social development minister. Journalist Mikhail Kozachkov, often a source for insider law enforcement information, linked the arrests to the data leak. According to Kozachkov, the Almaty Economic Investigation Department discovered that the state-owned Center for Labor Resources Development under the Ministry of Labor had long provided privileged access to citizens’ private information. “This body collects data on Kazakh citizens, including financial information such as pension contributions, benefits, social status, and employment contracts,” Kozachkov wrote, alleging that Omarov’s company systematically bribed officials to gain early access to this data. “That is why the prosecutor’s office agreed to charge the head of this company, Ruslan Omarov. He is suspected of systematically bribing the management of the Labor Resources Development Center. He was detained while transferring money,” Kozachkov stated. “The case mentions a sum of $80,000. In exchange for this money, the subsidiary of the Ministry of Labor provided the First Credit Bureau with the ability to quickly obtain all the necessary information about citizens’ finances in order to quickly compile credit files. To do this, the First Credit Bureau organized a clever connection via VPN, which allowed the private company to obtain all the relevant information before its competitors. The credit files that were subsequently created were sold to second-tier banks, which is how they made their money.” A Calculated Information War? Given the timing and coordination of arrests and disclosures, some analysts speculate that the leak may have served as cover for a broader opera...