Authorities fine Air Astana and Kazakhtelecom for personal data leakage
Kazakhstani authorities will fine Kazakhtelecom and Air Astana for not doing enough to keep the personal data of Kazakhstanis safe. The two companies will be obliged to pay $825 in fines and correct the violations within the year.
The context. In February, unidentified hackers published data from iSoon (or Anxun), a Chinese contractor for the Ministry of Public Security of China. According to that information, a group of Chinese hackers for two years had maintained access to critical infrastructure of Kazakhstani mobile operators and likely to personal data of Kazakhstanis.
Over the period from 2019 to 2020, beeline.kz lost 637 gigabytes of confidential information, kcell.kz lost 820 gigabytes, tele2.kz — 1.09 terabyte and telecom.kz — 257 gigabytes (in 2021). The Unified Accumulative Pension Fund (UAPF) was also mentioned in the information about the leakage. In 2019, the fund lost 1.92 gigabytes of confidential information. Hackers also published screenshots with data from the Ministry of Defense of Kazakhstan and Air Astana.