The Ministry of Science and Higher Education (MSHE) of Kazakhstan stated that the seminar involving state security service personnel was not dedicated to issues of cybersecurity or the protection of personal data. This contradicts the previously stated words of Minister Sayasat Nurbek amidst scandals surrounding data leaks from Al-Farabi Kazakh National University (KazNU).
WHAT THE MINISTER SAID
Earlier, the Minister of Science and Higher Education, Sayasat Nurbek, reported that the department had engaged state security service personnel to address cybersecurity issues following data leaks in the higher education system.
According to him, several seminars had already taken place for employees responsible for information security, cybersecurity, and data protection. The minister stated that the training was conducted with the participation of the state security service, which is responsible for the security of the Head of State and reports directly to him.
WHAT THE MINISTRY RESPONDED
As reported by BES.media, in an official response the MSHE confirmed the fact that a seminar had been held, but emphasised that issues of data leaks were not discussed there.
"The subject of the report did not concern issues of cybersecurity, information security, or the protection of personal data of students and employees of educational organisations," the ministry's response states.
The MSHE also clarified that information security issues fall within the competence of the information security committee of the Ministry of Artificial Intelligence and Digital Development.
WHAT DATA LEAKS OCCURRED AT KAZNU
The most recent known leak of student data from Al-Farabi KazNU occurred on 10 April 2026. Personal data, including medical information, ended up in the public domain.
Prior to this, a major scandal took place in February 2024. At that time, the medical data of female students, including their full names, Individual Identification Numbers (IIN), and other confidential information, was leaked online. Following the incident, the university reported that it had terminated the contract with the organisation whose employee had caused the leak.
Some employees were dismissed at the time, while others faced administrative liability.
According to Sayasat Nurbek, the cause of the incident was an error during data processing. In his account, a medical centre employee failed to delete fields containing confidential information, after which the file was distributed to departments without additional checks.