The Ministry of Digital Development, Innovation and Aerospace Industry (MDDIAI) reported that the microfinance organisation (MFO) ‘Robokash.kz’ has been held administratively liable for violating legislation on personal data and its protection.
According to the press service of the department, the Ministry organised an inspection of ‘Robokash.kz’ following a data leak of more than 2 million Kazakhstanis from the zаimеr kz portal.
‘The LLP has been brought to administrative liability with a fine of 1,000 MCI (3,692,000 tenge). Under summary proceedings, the organisation paid a fine of 500 MCI (1,846,000 tenge) in accordance with Article 79, Part 4, of the Administrative Code of the Republic of Kazakhstan’, the department reported.
The MDDIAI also stated that, in relation to this case, citizens are entitled to apply to the court to consider the issue of compensation for material or moral damage caused by the personal data leak.
Recall that earlier Kazakhstanis were informed about the leak of their personal data in the ‘EgovMobile’ app. Notifications were also sent to those who had never taken out loans from MFOs.
Not long before that, a massive leak of internal data occurred at the Ministry of Public Security of the People's Republic of China. Files containing confidential conversations and operational data were posted on the GitHub hosting platform in open access. Among the published files, the private data of subscribers of Kazakhstani telecom operators Beeline, Altel, Tele2, Kcell and Kazakhtelecom was also discovered.
It was also reported that among the leaked files, information from the UAPF from 2019 and data on passengers of the airline ‘Air Astana’ were found.
Recently, the MDDIAI conducted unscheduled inspections at JSC ‘Kazakhtelecom’, JSC ‘Unified Accumulative Pension Fund’ (UAPF) and JSC ‘Air Astana’ for compliance with information security requirements. Based on the results, ‘Kazakhtelecom’ and ‘AirAstana’ were held administratively liable and given one year to rectify the violations.
However, according to informburo.kz, ‘AirAstana’ stated that the MDDIAI order to rectify the violations is not related to issues of clients' personal data. Moreover, the airline assured that ‘passenger data was not compromised’.