An advertisement was spotted on shadow internet marketplaces offering a data set from JSC KazAgroFinance – a subsidiary of the National Managing Holding Baiterek, specialising in agricultural machinery leasing.
The volume of data on offer exceeded 4 terabytes and included the organisation's database, as well as backup copies of the top management's personal computers. The advertisement has now been removed.
According to sources at FBKK, the situation may have arisen following a change of IT team in the company. The new specialists encountered problems accessing the system's backup copies, which could indicate unauthorised copying and removal of data by the previous development team.
A potential data leak could affect the operations of all 16 branches of the company, located across all regions of Kazakhstan. JSC KazAgroFinance, headed by chairman of the board Aidar Prashev, is a major employer – the company has approximately 500 employees.
The situation could negatively impact the leasing system for farmers. Disruption to the IT infrastructure may lead to failures in processing applications and servicing existing contracts.
This incident raises serious questions about the need to strengthen information security controls in state-owned companies and improve handover procedures when staff changes occur.
Implementing protocols that prevent unauthorised access to confidential information and ensure the preservation of critically important data during staff rotation is becoming particularly important.
The editorial team at FBKK will continue to monitor developments.