• KGS/USD = 0.01143 0%
  • KZT/USD = 0.00205 0%
  • TJS/USD = 0.10433 0.1%
  • UZS/USD = 0.00008 0%
  • TMT/USD = 0.28577 0%
  • KGS/USD = 0.01143 0%
  • KZT/USD = 0.00205 0%
  • TJS/USD = 0.10433 0.1%
  • UZS/USD = 0.00008 0%
  • TMT/USD = 0.28577 0%
  • KGS/USD = 0.01143 0%
  • KZT/USD = 0.00205 0%
  • TJS/USD = 0.10433 0.1%
  • UZS/USD = 0.00008 0%
  • TMT/USD = 0.28577 0%
  • KGS/USD = 0.01143 0%
  • KZT/USD = 0.00205 0%
  • TJS/USD = 0.10433 0.1%
  • UZS/USD = 0.00008 0%
  • TMT/USD = 0.28577 0%
  • KGS/USD = 0.01143 0%
  • KZT/USD = 0.00205 0%
  • TJS/USD = 0.10433 0.1%
  • UZS/USD = 0.00008 0%
  • TMT/USD = 0.28577 0%
  • KGS/USD = 0.01143 0%
  • KZT/USD = 0.00205 0%
  • TJS/USD = 0.10433 0.1%
  • UZS/USD = 0.00008 0%
  • TMT/USD = 0.28577 0%
  • KGS/USD = 0.01143 0%
  • KZT/USD = 0.00205 0%
  • TJS/USD = 0.10433 0.1%
  • UZS/USD = 0.00008 0%
  • TMT/USD = 0.28577 0%
  • KGS/USD = 0.01143 0%
  • KZT/USD = 0.00205 0%
  • TJS/USD = 0.10433 0.1%
  • UZS/USD = 0.00008 0%
  • TMT/USD = 0.28577 0%
Menu
Search
14 March 2026
Menu

Viewing results 1 - 6 of 16

Online Safety

Uzbek Minister Says No Evidence of 15 Million Citizens’ Data Leak

In early February, The Times of Central Asia reported that the personal data of Uzbek citizens may have been leaked from government information systems and circulated on darknet forums. The report followed online discussions alleging that databases linked to state institutions were being distributed via anonymous platforms. According to posts shared on Reddit, links to online repositories, including darknet resources, allegedly contained data obtained from Uzbek state institutions. Some users claimed the breach could involve the personal information of up to 15 million citizens. The allegations quickly spread across social media, prompting public concern and official responses. On February 12, a press conference was held at the Ministry of Digital Technologies, attended by journalists, media representatives, and members of the public. Minister of Digital Technologies Sherzod Shermatov addressed the reports, stating that the issue had become the subject of widespread discussion in recent days. Shermatov emphasized that information security and personal data protection remain state policy priorities. He said authorized bodies had conducted research immediately after the reports emerged and presented preliminary findings based on technical analysis. According to officials, cyberattacks targeted the information systems of three state agencies between January 27 and 30. However, the claim that data relating to 15 million citizens had been leaked was not confirmed during the initial assessment. Authorities stated that the number of potentially affected records appears to be closer to 60,000, rather than the figure circulating on social networks. During the briefing, officials placed the situation in an international context. They noted that with the rapid expansion of digitalization worldwide, cyberattacks have increased even in technologically advanced countries. In 2025 alone, global losses from cybercrime reportedly reached $10.5 trillion, while more than 16 billion user records were compromised from major corporate platforms. Media reports have described large-scale breaches in several countries, including China, the United States, the United Kingdom, and Indonesia over the past two years. Uzbek officials stressed that the key challenges in such cases are early detection, rapid response, and damage mitigation, followed by strengthening protective systems. They reported that in 2024 more than seven million cyber threats were neutralized through national cybersecurity nodes. In 2025, that figure exceeded 107 million, reflecting both increased activity in cyberspace and expanded monitoring capacity. To contain the recent incident, authorities said unauthorized access to information infrastructure was blocked. Passwords for users of the Unified Identification System, known as OneID, were reset, and additional technical safeguards were introduced. Officials added that new measures now allow users to control whether their personal data can be shared with other systems based on individual consent. Explaining the concept of a personal data leak, officials clarified that it does not automatically mean a citizen’s private account has been hacked. In many cases, limited data, such as a name, date of birth, address, or phone number, may be exposed. On its own, such information does not enable fraudsters to act on behalf of an individual without additional verification data. However, it may be used in social engineering schemes. Authorities...

Personal Data

Uzbekistan Eases Data Localization Rules to Support Global Payment Platforms

Uzbekistan’s Senate has approved amendments to the Law on Personal Data, a move aimed at easing restrictions that have hindered the operation of international online payment platforms and slowed digital economic growth. The changes were adopted during the Senate’s 13th plenary session, according to official parliamentary sources. Lawmakers noted that an increasing number of Uzbek freelance developers are selling software products and digital content to foreign clients via global platforms. While some major services accept payments through bank cards or transfers, others, such as Upwork, Fiverr, Envato, and Storyblocks, rely almost exclusively on PayPal. However, PayPal does not fully support bank cards issued in Uzbekistan, largely due to the country's data localization requirements. Under the current legislation, personal data must be stored on servers located within Uzbekistan. This requirement has discouraged several international payment providers from entering the local market. Senators stated that the newly approved amendments aim to remove these barriers and establish clearer conditions for cross-border data use. The revised law stipulates that only specific categories of personal data, such as biometric, genetic, and telecommunications-related information, must remain stored domestically. Other types of personal data may be transferred and stored abroad, provided that strict information security protocols are observed. The Cabinet of Ministers will be authorized to approve a list of countries deemed to offer adequate personal data protection standards. According to lawmakers, these changes will accelerate the development of fintech, e-commerce, and the broader digital economy. They are also expected to enable legal and transparent payment mechanisms for freelancers and improve access to contactless payment options for foreign tourists. The reform builds on a government initiative launched in October 2024, when authorities instructed the Tourism Committee, the Central Bank, and the Ministry of Digital Technologies to engage with payment providers such as Alipay, Apple Pay, Google Pay, PayPal, and UniPay. The directive included a review of national legislation to facilitate their integration into Uzbekistan’s financial system.

Online Safety

Uzbekistan Probes Alleged Personal Data Leak from State Information Systems

Reports circulating on social media and Reddit have raised concerns that the personal data of Uzbek citizens may have been leaked from government information systems and shared on darknet forums. In response, several state agencies have issued statements confirming that investigations are underway, and that their systems remain secure. According to posts shared on Reddit, links were posted to online platforms, including darknet sites, allegedly containing data from Uzbek state institutions. Some users claimed the leak could involve personal information on as many as 15 million citizens. These claims quickly gained traction across social media, prompting official responses. On February 3, Uzbekistan’s Cybersecurity Center acknowledged the reports and confirmed that it had launched an investigation. “In recent days, messages have been observed on social networks about the alleged dissemination of personal data of Uzbek citizens from certain state information systems,” the Center said in a statement. It added that a comprehensive review is ongoing and that further details would be shared upon completion of the inquiry. The Center also issued guidance to the public, urging citizens not to disclose personal information to third parties, to use complex usernames and passwords when accessing state and other digital systems, and to avoid entering data through suspicious links. In response to public speculation that information from the recent population and agricultural census may have been compromised, the Statistics Agency also issued a statement. It affirmed that all data collected during the online census, conducted between January 15 and 31, is securely stored. “All collected data are kept in encrypted form on a separate server. There is no reason for concern regarding the safety of census-related information,” the agency said. The State Tax Committee similarly denied any breach involving its systems. Addressing claims circulating on social media and various websites, the committee said it had implemented all necessary cybersecurity measures and that its interactive services and systems were functioning normally and without interruption. The Ministry of Internal Affairs echoed these reassurances, stating that the integrity of its information systems is fully intact. The ministry confirmed that no unauthorized access to personal data under its control had been detected. Authorities emphasized that investigations are ongoing and urged the public to rely on official sources for updates as checks continue.

Cyber Security

Kazakhstan Considers Criminal Liability for Mass Leaks of Personal Data

Kazakhstan is considering tightening legal responsibility for violations related to personal data protection. The Ministry of Artificial Intelligence and Digital Development has proposed introducing criminal liability for mass leaks of citizens' personal data, along with a significant increase in administrative fines for failing to comply with information security requirements. The proposal was announced by Rostislav Konyashkin, First Deputy Minister of Artificial Intelligence and Digital Development, during a government meeting. According to Konyashkin, Kazakhstan is adopting a “zero tolerance” policy regarding the mishandling of personal digital data. “In implementing the constitutional rights of citizens to privacy and the protection of personal information, we are moving to a zero-tolerance policy in this area. Digital transformation should not undermine the security of citizens, and any irresponsible handling of personal data should be punished in accordance with the law,” he said. In addition to criminal penalties for mass data breaches, the ministry is proposing to significantly increase administrative liability for officials violating information security standards. The current maximum fine is approximately $17,000. The proposed new ceiling would be about $42,500. The initiative would apply to government agencies, the quasi-public sector, financial institutions, and private companies that handle large volumes of personal data. The day prior to the government meeting, President Kassym-Jomart Tokayev addressed the issue of digital security at the National Kurultai (Assembly). He emphasized that the right to personal data protection should be enshrined in the country's. “Our Constitution must keep pace with the times. In the 21st century, digitalization is developing at a rapid pace and has a direct impact on human rights and freedoms. Therefore, the Basic Law must clearly stipulate that the personal digital data of citizens is protected by law,” Tokayev said. The push for stricter regulation follows a series of large-scale data breaches. In spring 2024, the State Technical Service of the National Security Committee identified a leak affecting over 2 million clients of the microfinance organization zaimer.kz. In summer 2025, the government confirmed the largest data breach in Kazakhstan’s history, compromising the personal information of over 16 million people, more than three-quarters of the country’s population of just over 20 million. Experts say the proposed legal reforms mark Kazakhstan’s shift toward a stricter regulatory framework, aligning with standards seen in the European Union and some Asian jurisdictions, where personal data breaches carry both administrative and criminal consequences.

Cyber Security

Kazakhstan Confronts Major Data Leak in High-Stakes Security Crackdown

A detective thriller worthy of a Hollywood script is quietly playing out in the daily lives of Kazakhstani citizens, one with implications for nearly every household. At its core lies the largest leak of personal data in Kazakhstan’s history, unfolding across Almaty and Astana. The incident touches on something deeply personal: data that could be weaponized by fraudsters for illicit gain. Sixteen Million Records Exposed In early June, the Telegram channel SecuriXy.kz, known for its cybersecurity reporting, revealed a massive breach of Kazakh citizens' personal data. "A CSV file containing the personal data of Kazakh citizens, containing 16.3 million lines, has been discovered. The table contains the following fields: Last name, First name, Middle name, Gender, Date of birth, ID number, IIN [Bank Identification Number], Mobile phone number, Work phone number, Home phone number, Citizenship, Nationality, Address, Confirmed address, Start and end dates of residence," the channel stated. The analysis identified 16,302,107 records, 16.9 million unique phone numbers, and 15,851,699 unique individual identification numbers (IINs), the number of citizens whose information had been compromised. “The ‘address’ field often contains the addresses of dental clinics, polyclinics, the Tax Committee, universities, and other organizations,” the channel noted. The leak included highly sensitive personal data such as contact details and IINs, which the channel warned could be used for: “Phishing, social engineering, document forgery, and telephone fraud.” The data appears to have been compiled over a significant period. SecuriXy.kz reported that, “Most of the records were entered into the system after 2011,” with over two million added in 2022 alone. Data from 2023-2024 also appears, underscoring the leak's relevance. The revelation sparked swift reactions from officials. The Ministry of Digital Development, Innovation, and Aerospace Industry (MCIAI) released a statement confirming an investigation in collaboration with law enforcement and intelligence agencies. “It should be noted that the initial analysis indicates that the information may have originated from private information systems. No hacker attacks or leaks of personal data from state information systems have been recorded at this time. It is premature to draw final conclusions or confirm the accuracy of the information until the investigation is complete,” the ministry stated, adding that similar past incidents often involved outdated data compiled by service sector firms or microfinance institutions. “The ministry is monitoring the situation," the authorities concluded. "Additional information will be posted after the investigation is complete.” Cybersecurity experts, however, were less dismissive. Enlik Satieva, vice president of the TSARKA Group, a cybersecurity firm affiliated with the government, stressed the seriousness of the breach. "These are not just names," she stated. "The published database contains the most important personal data of citizens. In particular, it includes surnames, first names, patronymics, gender, dates of birth, IINs, citizenship, nationality, residential addresses, registration and residence periods, as well as mobile, home, and work phone numbers." Satieva suggested that some of the data may have been sourced from medical organizations, and that the leak might stem from a specific entity or multiple sources linked through IINs. Criminal Case and Contradictions...

Anti-fraud

Kazakhstan to Hold Banks and Mobile Operators Liable for Online Fraud Losses

Kazakhstan will introduce joint liability for banks and mobile operators in cases of internet fraud involving their infrastructure, President Kassym-Jomart Tokayev announced during an extended meeting of the country’s law enforcement agencies. Addressing the growing threat of cybercrime, Tokayev emphasized the importance of prevention, noting that many internet and phone scams originate from well-organized criminal networks operating abroad, complicating investigation and prosecution. “Preventive measures are therefore crucial. Last year, a modern anti-fraud center was established at the National Bank of Kazakhstan to detect and block suspicious transactions,” Tokayev said. “We are now introducing joint liability for banks and mobile operators in fraud cases involving their infrastructure.” Tokayev also raised concerns over citizens' involvement in money laundering schemes. “Fraudsters lure people into laundering operations by offering rewards for access to their bank accounts. Many comply without considering the severe legal consequences,” he noted. A major enabler of these crimes is the widespread use of SIM cards registered under false identities. According to the president, nearly 100,000 such cases have been detected so far in 2025. The National Bank reported that since July 2024, the anti-fraud center has frozen over 63,000 suspicious transactions worth 2.5 billion tenge (approximately $4.83 million). Common schemes include telephone scams (22%), fake investment platforms (19%), and misuse of so-called “dropper” cards (19%).Continue reading

Close