(6 January 2026 | Source: Bes.media)
Massive violations in the field of information security have led to a strict warning from the government. The Deputy Prime Minister — Minister of Digital Development, Innovation and Aerospace Industry Zhaslan Madiev stated that heads of state bodies will bear personal responsibility for personal data leaks, regardless of the reasons or technical explanations.
WHAT THE INSPECTIONS REVEALED
According to the words of Zhaslan Madiev, despite the existence of relevant legislation, many state information systems continue to operate in violation of regulations. This, as the minister noted, creates real risks of citizens' personal data being leaked.
The conducted inspections showed that the violations are systemic in nature and are recorded both within the state bodies themselves and in their subordinate organisations.
WHAT MEASURES HAVE ALREADY BEEN TAKEN
The minister reminded that in 2024 Kazakhstan adopted additional measures to strengthen cybersecurity. These include:
- introducing responsibility for the heads of state bodies;
- strengthening requirements for the protection of personal data;
- expanding control mechanisms in the field of information security.
Over the past year, more than 1 million people have received training in the basics of cyber hygiene, and the number of inspections of state bodies in this area reached a record level.
A SYSTEMIC PROBLEM OF COMPLIANCE WITH THE LAW
According to the inspection results, as Madiev emphasised, a key problem was identified — state bodies and organisations often fail to comply with legally established requirements.
"State bodies and organisations frequently violate information security requirements. In this regard, central state bodies and agents need to strengthen control over the security of citizens' personal data," the minister stated.
"YOU BEAR INDIVIDUAL RESPONSIBILITY"
Separately, the Deputy Prime Minister emphasised that all requirements in the field of information security are already enshrined in legislation, and claims of ignorance or technical difficulties will not be accepted.
"You bear individual responsibility for the leakage of personal data from the information systems belonging to your state bodies," Zhaslan Madiev stated.
It will be recalled that information previously appeared online about a leak of the user database of Kundelik, the equivalent of the Russian "Dnevnik.ru" system. At least thousands of records containing students' full names, dates of birth, names of educational institutions, and grades ended up in the public domain.
The administration of the Kundelik electronic diary denied the information about the leak of users' personal data.
In turn, the Ministry of Artificial Intelligence and Digital Development also found no evidence of a hack of the Kundelik diary system.
Later, the Vice-Minister of Artificial Intelligence and Digital Development Doszhan Musaliyev stated that a leak had indeed occurred, but that it happened several years ago and does not affect the service's current database.
At that time, for violating information security requirements, the company Kundelik was fined 750 MCI (2.9 million tenge). As Musaliyev clarified, the investigation into this incident is ongoing, and its full results will be published later.