Massive Data Breach Exposure Affecting Approximately 16 Million Kazakhstani Residents
In a significant move to bolster its digital infrastructure and enhance cybersecurity, Kazakhstan is taking proactive steps to prevent future data leaks following the recent leak of a database containing personal information of nearly 16 million citizens.
The incident, confirmed to contain outdated information from 2022, originated from previous leaks and was partially supplemented by users with access to the systems as part of their official duties. This underscores the need for real-time monitoring and auditing of database access, stricter rules for sharing personal information between organisations, and a culture of information security.
An official investigation is underway, involving the Information Security Committee of the Kazakh Ministry of Digital Development, Innovations, and Aerospace Industry, the National Security Committee, and the State Technical Service.
In response to the growing threat of cyberattacks, Kazakhstan is pursuing several integrated strategies. Firstly, the nationwide rollout of high-speed internet is being accelerated, with plans to extend fiber-optic networks to rural areas and ensure nearly full mobile coverage by 2027.
Secondly, the government is modernising data centers with enhanced security and deploying AI-powered platforms with built-in cybersecurity standards. The QazTech platform, designed for fast development and secure deployment of government IT services, is one such example.
Thirdly, a comprehensive national cybersecurity strategy is being developed, with international expertise from UAE and Israeli consultants. This strategy aims to address increasing cyberattacks and systemic vulnerabilities exposed by recent data leaks.
Fourthly, the government is focusing on improving digital hygiene and access control. Strict access controls and up-to-date data management protocols are being enforced across public sector information systems.
Fifthly, Kazakhstan is advancing digital law reforms, including AI ethics, data protection, and cybersecurity legislation. Finalising and enforcing these laws will increase accountability and set clear standards for data privacy and cyber defence.
Sixthly, the government is investing in cybersecurity training and capacity building for government IT personnel and critical infrastructure managers. This will improve defence readiness against attacks.
As cybersecurity becomes a strategic necessity with the expected increase in cyberattacks and AI technologies in 2025, companies are not only required to implement advanced solutions but also to train personnel capable of responding quickly to threats.
Violations of personal data protection legislation in Kazakhstan are subject to administrative and criminal liability. The revised Code of Administrative Offenses of Kazakhstan, signed by President Kassym-Jomart Tokayev in January 2025, increases penalties for violations of the country's personal data protection legislation.
Individuals can protect their personal data by using strong passwords, enabling two-factor authentication, regularly monitoring activity in banking apps and government services, being cautious when sharing personal data, avoiding clicking on suspicious links or installing unknown apps, and staying informed about potential data leaks.
Regular independent penetration tests, connecting organisations to sectoral cybersecurity centres, and participation in bug bounty programs are crucial measures to identify vulnerabilities and minimise future risks.
The ministry encourages citizens and organisations to submit proposals to improve data protection practices via the eOtinish platform. The ministry is working consistently to improve the legislation on personal data protection, and amendments to laws on personal data protection and informatization are currently under review by the Mazhilis, a lower chamber of the Kazakh Parliament.
Cybersecurity is a shared responsibility: the government must strengthen infrastructure security, businesses must handle data responsibly, and users must practice good digital hygiene.
- In light of the recent data leak and the growing threat of cyberattacks, Kazakhstan is implementing technology-driven strategies, such as modernizing data centers with AI-powered platforms and enhancing cybersecurity standards, to address systemic vulnerabilities.
- As the expected increase in cyberattacks and AI technologies in 2025 underscores the need for improved cybersecurity, individuals are advised to practice good digital hygiene, such as using strong passwords and enabling two-factor authentication, to protect their personal data.
