The prosecutor's office of the Borodulikha district in the Abay region has identified a leak of personal data belonging to 194 employees from three secondary schools. The violation was discovered during a monitoring of the public procurement portal.
According to the department's press service, when announcing public procurements for staff medical examinations, the institutions posted lists of all employees with personal data, including biographical details, IIN and other information.
"According to current legislation, such data is subject to mandatory protection. Individuals who have access to restricted information are obliged to ensure its confidentiality and are not entitled to distribute personal data without the consent of its owner or a legal basis," the prosecutor's office noted.
As a result, the school directors were held administratively liable — they were fined a total amount of more than 1 million tenge, and were also subjected to disciplinary sanctions.
"Currently, the district's education department has taken measures to prevent similar violations in the future," the statement said.
For context, in September 2024, the editorial board of FBRK identified a similar case in the East Kazakhstan Region: a district school also published the personal data of all employees during a public procurement for staff medical examinations. At that time, the Department of Internal State Audit found no violations, and the director and chief accountant only received reprimands.
In June 2025, personal data of clients of popular Kazakh online stores "Meloman" and "Imperiya Tsvetov" also became publicly accessible. The leaked information included names, phone numbers, delivery addresses, lists of ordered goods, and customer comments.