The Russian company Sirena Travel, which was responsible for the leak of personal data of Kazakh citizens from the airline ticket sales website, has been held accountable.
According to Informburo.kz, this was reported by the chairman of the information security committee of the Ministry of Digital Development, Innovation and Aerospace Industry of Kazakhstan, Ruslan Abdikalikov.
"We literally received a response from Russia's 'Roskomnadzor' last week. They informed us that the company had been penalised in accordance with Russian legislation," said Abdikalikov at a briefing at the Central Communications Service (CCS).
However, how exactly Sirena Travel was penalised has not yet been disclosed. The official noted that Kazakh citizens whose data ended up in the public domain can only seek compensation through the courts.
"Unfortunately, at present, neither Russian nor Kazakh legislation has such a procedure. We are only planning to introduce this. When cyber insurance is in place, then citizens will be able to do so. Currently, the only option is to file a lawsuit against this company in the Russian Federation and prove that some damage was caused," he explained.
For context, in December last year, the personal data of Kazakh citizens was exposed to the public domain after a hack of the company Sirena Travel.
The leak included data on domestic flights of Kazakh citizens from 2007 to 2023, containing information on nearly 700,000 flights on aircraft operated by airlines Air Astana, Scat, Qazaq Air and Bek Air within the country.
The database also includes information on international flights of Kazakhstan citizens on aircraft of Russian airlines. The leaked files contain passenger data, their document numbers, phone numbers and email addresses.