Personal Data of 16 Million Kazakh Citizens Leaked

Kazakhstan has experienced one of the most extensive personal data breaches in its history. According to Olzhas Satiev, President of the Center for Analysis and Investigation of Cyber Attacks (CARKA), over 16.3 million records, representing nearly the entire population, have been made publicly accessible. Scope of the Breach The compromised data includes surnames, first names, patronymics, gender, date of birth, individual identification numbers (IIN), addresses, phone numbers, citizenship, ethnicity, and other sensitive details. The source of the leak has not been identified. Experts suggest it may be a compilation of previously hacked databases redistributed via closed Telegram channels. Alternatively, it could stem from a new, as yet undetected breach. “This is one of the largest leaks. An investigation is currently underway. We are awaiting information from the technical service of the National Security Committee (KNB),” said Satiev. Government Response and Ongoing Investigation The Ministry of Digital Development, Innovation and Aerospace Industry (MCIA) stated that it is closely monitoring the incident. The ministry’s Information Security Committee, in cooperation with law enforcement and intelligence agencies, is analyzing the leaked data and verifying its relevance. Initial assessments suggest the breach likely originated from private information systems. The MCIA emphasized that no cyberattacks on government databases have been detected. “It is premature to draw final conclusions or confirm the accuracy of the leaked information until the investigation concludes,” the ministry said. Individuals affected by the leak will be notified through the e-government portal. The ministry also noted that previous leaks involved outdated information sourced from microfinance organizations and other commercial entities. Combating the Shadow Data Market Separately, the Ministry of Internal Affairs recently dismantled an organized group involved in the illegal sale of personal data. Authorities say the group accessed state databases and distributed information through Telegram channels, often in cooperation with debt collection agencies. More than 140 individuals, including channel administrators and company executives, were detained. Five suspects remain in custody. Investigators seized over 400 pieces of computer and electronic equipment. “The information was obtained from state databases and distributed through Telegram channels. Work is ongoing to identify all parties involved,” said Zhandos Suinbay, head of the Interior Ministry’s cybercrime division. Criminal proceedings have been launched under Articles 205 (unlawful access to information), 147 (violation of privacy), and 211 (distribution of restricted data) of the Criminal Code of Kazakhstan. The Interior Ministry vowed to intensify efforts to prevent further data breaches and urged citizens to be cautious, particularly when sharing personal information or using unsecured digital platforms.

Uzbekistan Moves to Regulate AI and Protect Personal Data

Uzbekistan's Legislative Chamber of the Oliy Majlis (Parliament) has approved a new bill in its first reading that seeks to regulate the use of artificial intelligence, and introduce legal accountability for the misuse of personal data involving AI technologies. The bill was reviewed during a parliamentary session on April 15 and is designed to safeguard personal privacy in the face of rapidly advancing AI capabilities. It proposes penalties for the unauthorized processing and dissemination of personal data, particularly through online platforms and the media, when artificial intelligence is involved. Balancing Innovation and Risk Lawmakers noted that global investment in AI reached $154 billion in 2023 and was expected to double in 2024, with projections of a tenfold increase by 2030. Uzbekistan is actively working to integrate AI across various sectors, including industry, public administration, crime prevention, and environmental management. However, the government has also raised alarms about the risks posed by unregulated AI use. In particular, concerns have grown over privacy violations stemming from deepfake content and manipulated media. In 2024 alone, incidents involving fake AI-generated images and videos of public figures increased fiftyfold. The number of reported cases involving illegal use of AI-generated content rose from 1,129 in 2023 to 3,553 in 2024. Key Provisions of the Bill The proposed legislation formally defines “artificial intelligence” and sets out the government’s policy approach toward its development and application. It includes requirements for labeling AI-generated content and bans uses of AI that could undermine human dignity, personal freedoms, health, or individual rights. If adopted into law, the bill would mark a significant step toward establishing ethical and legal norms for AI deployment in Uzbekistan, amid growing global concern over the unchecked use of emerging technologies.