Cyber Security - The Times Of Central Asia

Viewing results 1 - 6 of 18

Online Safety

Uzbekistan Probes Alleged Personal Data Leak from State Information Systems

Reports circulating on social media and Reddit have raised concerns that the personal data of Uzbek citizens may have been leaked from government information systems and shared on darknet forums. In response, several state agencies have issued statements confirming that investigations are underway, and that their systems remain secure. According to posts shared on Reddit, links were posted to online platforms, including darknet sites, allegedly containing data from Uzbek state institutions. Some users claimed the leak could involve personal information on as many as 15 million citizens. These claims quickly gained traction across social media, prompting official responses. On February 3, Uzbekistan’s Cybersecurity Center acknowledged the reports and confirmed that it had launched an investigation. “In recent days, messages have been observed on social networks about the alleged dissemination of personal data of Uzbek citizens from certain state information systems,” the Center said in a statement. It added that a comprehensive review is ongoing and that further details would be shared upon completion of the inquiry. The Center also issued guidance to the public, urging citizens not to disclose personal information to third parties, to use complex usernames and passwords when accessing state and other digital systems, and to avoid entering data through suspicious links. In response to public speculation that information from the recent population and agricultural census may have been compromised, the Statistics Agency also issued a statement. It affirmed that all data collected during the online census, conducted between January 15 and 31, is securely stored. “All collected data are kept in encrypted form on a separate server. There is no reason for concern regarding the safety of census-related information,” the agency said. The State Tax Committee similarly denied any breach involving its systems. Addressing claims circulating on social media and various websites, the committee said it had implemented all necessary cybersecurity measures and that its interactive services and systems were functioning normally and without interruption. The Ministry of Internal Affairs echoed these reassurances, stating that the integrity of its information systems is fully intact. The ministry confirmed that no unauthorized access to personal data under its control had been detected. Authorities emphasized that investigations are ongoing and urged the public to rely on official sources for updates as checks continue.

Cyber Security

Kazakhstan Considers Criminal Liability for Mass Leaks of Personal Data

Kazakhstan is considering tightening legal responsibility for violations related to personal data protection. The Ministry of Artificial Intelligence and Digital Development has proposed introducing criminal liability for mass leaks of citizens' personal data, along with a significant increase in administrative fines for failing to comply with information security requirements. The proposal was announced by Rostislav Konyashkin, First Deputy Minister of Artificial Intelligence and Digital Development, during a government meeting. According to Konyashkin, Kazakhstan is adopting a “zero tolerance” policy regarding the mishandling of personal digital data. “In implementing the constitutional rights of citizens to privacy and the protection of personal information, we are moving to a zero-tolerance policy in this area. Digital transformation should not undermine the security of citizens, and any irresponsible handling of personal data should be punished in accordance with the law,” he said. In addition to criminal penalties for mass data breaches, the ministry is proposing to significantly increase administrative liability for officials violating information security standards. The current maximum fine is approximately $17,000. The proposed new ceiling would be about $42,500. The initiative would apply to government agencies, the quasi-public sector, financial institutions, and private companies that handle large volumes of personal data. The day prior to the government meeting, President Kassym-Jomart Tokayev addressed the issue of digital security at the National Kurultai (Assembly). He emphasized that the right to personal data protection should be enshrined in the country's. “Our Constitution must keep pace with the times. In the 21st century, digitalization is developing at a rapid pace and has a direct impact on human rights and freedoms. Therefore, the Basic Law must clearly stipulate that the personal digital data of citizens is protected by law,” Tokayev said. The push for stricter regulation follows a series of large-scale data breaches. In spring 2024, the State Technical Service of the National Security Committee identified a leak affecting over 2 million clients of the microfinance organization zaimer.kz. In summer 2025, the government confirmed the largest data breach in Kazakhstan’s history, compromising the personal information of over 16 million people, more than three-quarters of the country’s population of just over 20 million. Experts say the proposed legal reforms mark Kazakhstan’s shift toward a stricter regulatory framework, aligning with standards seen in the European Union and some Asian jurisdictions, where personal data breaches carry both administrative and criminal consequences.

Kazakhstan Pushes Nationwide AI Rollout Amid Cybersecurity Risks and Skills Shortages

Kazakhstan is preparing to deploy artificial intelligence (AI) on a large scale across the economy, government, and education. However, experts warn that without transparency, constant auditing, and stronger oversight, the program risks falling short of its goals. Slow Progress and Security Risks A meeting on AI development was held in Astana on August 11, attended by President Kassym-Jomart Tokayev, Prime Minister Olzhas Bektenov, and senior government officials. According to Tokayev, Kazakhstan’s main objective is to become a digital hub in Eurasia, but sluggish implementation, weak control mechanisms, and a shortage of qualified personnel are stymying progress. “I have already spoken about accelerating the creation of a unified national digital ecosystem," Tokayev said. "I have instructed that the necessary infrastructure be prepared, a legislative framework and data collection system be developed, and work begin on the introduction of artificial intelligence. However, the progress in implementing these instructions is unsatisfactory.” Cybersecurity is the priority, as current systems remain highly vulnerable. Since the start of the year, more than 40 major data breaches have occurred. The largest incident, in June, leaked 16.3 million records containing the personal data of Kazakh citizens, out of a population of 20 million, into the public domain. This was confirmed by Olzhas Satiev, president of the Center for Analysis and Investigation of Cyber Attacks (CARCA). By the end of the year, AI is set to be incorporated into e-government and Smart City projects, with a particular emphasis on the AI-Sana program, which aims to develop human capital and transform universities into research centers. The government is also responsible for introducing AI into state agencies and national companies, as well as drafting new legislation regulating AI. There are also plans to migrate all state and quasi-state digital systems onto a single sovereign platform. The national digital platform, QazTech, entered into commercial operation in July. Partnerships With China Kazakhstan intends to work closely with China on new digital products. Tokayev has pointed to China’s DeepSeek platform, developed for $6.5 million, far below the cost of Western equivalents, as an example to learn from. In February 2025, the National Academy of Sciences signed a memorandum with Zhejiang University of Technology, establishing an International Joint Laboratory for Spatio-Temporal Artificial Intelligence and Sustainable Development. The lab will focus on energy and climatology projects. In August, Tokayev expressed support for China’s proposal to create a World Organization for AI Development. Concerns Over Oversight and Staffing Independent analysts believe Kazakhstan has the potential to integrate AI into many aspects of daily life, given its relatively high level of digitalization. However, they warn of the risk of large sums being wasted on ineffective projects. Economist Rassul Rysmambetov has called for a full audit of more than a thousand large state IT systems to identify ineffective platforms. He also highlighted the shortage of skilled personnel: “There is too much technology, but not enough staff. Investments and start-ups sound like good slogans, but where are the professionals? I have often seen IT specialists forced into other jobs due to...

Cyber Security

Kazakhstan Confronts Major Data Leak in High-Stakes Security Crackdown

A detective thriller worthy of a Hollywood script is quietly playing out in the daily lives of Kazakhstani citizens, one with implications for nearly every household. At its core lies the largest leak of personal data in Kazakhstan’s history, unfolding across Almaty and Astana. The incident touches on something deeply personal: data that could be weaponized by fraudsters for illicit gain. Sixteen Million Records Exposed In early June, the Telegram channel SecuriXy.kz, known for its cybersecurity reporting, revealed a massive breach of Kazakh citizens' personal data. "A CSV file containing the personal data of Kazakh citizens, containing 16.3 million lines, has been discovered. The table contains the following fields: Last name, First name, Middle name, Gender, Date of birth, ID number, IIN [Bank Identification Number], Mobile phone number, Work phone number, Home phone number, Citizenship, Nationality, Address, Confirmed address, Start and end dates of residence," the channel stated. The analysis identified 16,302,107 records, 16.9 million unique phone numbers, and 15,851,699 unique individual identification numbers (IINs), the number of citizens whose information had been compromised. “The ‘address’ field often contains the addresses of dental clinics, polyclinics, the Tax Committee, universities, and other organizations,” the channel noted. The leak included highly sensitive personal data such as contact details and IINs, which the channel warned could be used for: “Phishing, social engineering, document forgery, and telephone fraud.” The data appears to have been compiled over a significant period. SecuriXy.kz reported that, “Most of the records were entered into the system after 2011,” with over two million added in 2022 alone. Data from 2023-2024 also appears, underscoring the leak's relevance. The revelation sparked swift reactions from officials. The Ministry of Digital Development, Innovation, and Aerospace Industry (MCIAI) released a statement confirming an investigation in collaboration with law enforcement and intelligence agencies. “It should be noted that the initial analysis indicates that the information may have originated from private information systems. No hacker attacks or leaks of personal data from state information systems have been recorded at this time. It is premature to draw final conclusions or confirm the accuracy of the information until the investigation is complete,” the ministry stated, adding that similar past incidents often involved outdated data compiled by service sector firms or microfinance institutions. “The ministry is monitoring the situation," the authorities concluded. "Additional information will be posted after the investigation is complete.” Cybersecurity experts, however, were less dismissive. Enlik Satieva, vice president of the TSARKA Group, a cybersecurity firm affiliated with the government, stressed the seriousness of the breach. "These are not just names," she stated. "The published database contains the most important personal data of citizens. In particular, it includes surnames, first names, patronymics, gender, dates of birth, IINs, citizenship, nationality, residential addresses, registration and residence periods, as well as mobile, home, and work phone numbers." Satieva suggested that some of the data may have been sourced from medical organizations, and that the leak might stem from a specific entity or multiple sources linked through IINs. Criminal Case and Contradictions...

Anti-fraud

Kazakhstan to Hold Banks and Mobile Operators Liable for Online Fraud Losses

Kazakhstan will introduce joint liability for banks and mobile operators in cases of internet fraud involving their infrastructure, President Kassym-Jomart Tokayev announced during an extended meeting of the country’s law enforcement agencies. Addressing the growing threat of cybercrime, Tokayev emphasized the importance of prevention, noting that many internet and phone scams originate from well-organized criminal networks operating abroad, complicating investigation and prosecution. “Preventive measures are therefore crucial. Last year, a modern anti-fraud center was established at the National Bank of Kazakhstan to detect and block suspicious transactions,” Tokayev said. “We are now introducing joint liability for banks and mobile operators in fraud cases involving their infrastructure.” Tokayev also raised concerns over citizens' involvement in money laundering schemes. “Fraudsters lure people into laundering operations by offering rewards for access to their bank accounts. Many comply without considering the severe legal consequences,” he noted. A major enabler of these crimes is the widespread use of SIM cards registered under false identities. According to the president, nearly 100,000 such cases have been detected so far in 2025. The National Bank reported that since July 2024, the anti-fraud center has frozen over 63,000 suspicious transactions worth 2.5 billion tenge (approximately $4.83 million). Common schemes include telephone scams (22%), fake investment platforms (19%), and misuse of so-called “dropper” cards (19%).Continue reading

Digital Development

The Battle for Control Over Central Asia’s Digital Future

Central Asia is digitalizing quickly. Governments across the region have invested in smart cities, 5G, and AI-powered platforms. Kazakhstan ranks 24th in the world in global e-government indexes, and in Tashkent and Bishkek, young, tech-savvy populations are pushing for innovation. But such progress is not without risks. A new report from the German Marshall Fund (GMF), a Washington-based think tank, outlines how Central Asia is becoming ever more reliant on Chinese and Russian technology. These two countries, the report argues, are using digital tools not just to supply infrastructure but to shape how governments in the region manage data, surveillance, and speech. Beijing and Moscow’s tech exports act as snares, tying customers into their own economies. “Central Asian governments are aware of these challenges,” Dylan Welch, the author of the report and a China analyst at the GMF, told The Times of Central Asia. But he notes that it can be difficult to convince policymakers to prioritize the dangers of such overexposure. “For the national leaders, their imperative is to deliver economic growth because they have these young, dynamic populations that need jobs… if they don't deliver on that, then they're in for a long period of instability at home,” he said. This makes Chinese and Russian offers to develop their digital industries extremely tempting. An Entrenched Presence The report coincides with a flurry of Russian and Chinese engagement in the region. Over the weekend, Kazakhstan announced that between them, Beijing and Moscow will be responsible for delivering a new generation of nuclear reactors to the country, currently leaving French and Korean alternatives out in the cold. Then came this week’s visit of Chinese President Xi Jinping to Astana for a summit with the five Central Asian leaders. On the digital front, one notable announcement from this summit included a plan to develop an Artificial Intelligence Cooperation Center in Kyrgyzstan. China has used the term “Digital Silk Road” to describe its investments in Central Asia, and it has built much of the physical infrastructure behind the region’s digitization drive. For its part, Russia has exported its software, legal models and surveillance practices. Taken together, these systems are helping local governments tighten control over digital life. “This strategic integration makes it more difficult for regional states to diversify in the future, even though many continue to pursue multi-vector foreign policies aimed at balancing global partnerships,” Yunis Sharifli, Non-Resident Fellow at the China-Global South Project, told TCA. Where the Vulnerabilities Lie The report uses a “technology stack” framework to explain the problem. This framework looks at five layers: network infrastructure, data storage, consumer devices, digital platforms, and government policies. Across these layers, it argues, Central Asia is exposed to Chinese and Russian influence. Take Kazakhstan. It may be the most advanced digital economy in the region, but most of its internet traffic still passes through Russia. Telecom firms across the region are also required to install a Russian-made surveillance technology known as SORM (System for Operative Investigative Activities), which can intercept internet...