The Ministry of Digital Development, Innovation and Aerospace Industry (MDDIAI) has reported the results of an investigation into the leak of personal data of Kazakh citizens, which was published on the GitHub hosting platform.
The MDDIAI, the National Security Committee, and JSC "State Technical Service" conducted an analysis of the information security status of mobile network operators. It is reported that, based on the results, no new instances of compromise were identified.
At the same time, the ministry carried out unscheduled inspections at JSC "Kazakhtelecom", JSC "Unified Accumulative Pension Fund" (UAPF), and JSC "Air Astana" to verify compliance with information security requirements. As a result, "Kazakhtelecom" and "Air Astana" were held administratively liable under Paragraph 2, Part 1, Article 641 of the Code of Administrative Offences of the Republic of Kazakhstan "Violation of Legislation on Informatisation" and were given one year to rectify the violations. No violations were found at the UAPF.
"It should be noted that, at present, the information and communication infrastructure of these organisations is under 24-hour monitoring with the aim of identifying and preventing information security incidents," the MDDIAI concluded.
It will be recalled that earlier, a massive leak of internal data occurred at the Ministry of Public Security of the People's Republic of China. Files containing confidential conversations and operational data were placed in the public domain on the GitHub hosting platform. Among the published files, private data of subscribers of Kazakh mobile operators Beeline, Altel, Tele2, Kcell, and Kazakhtelecom was also discovered.
At the same time, it was reported that among the leaked files, information from the UAPF dating from 2019 and details regarding the airline "Air Astana" were found.