Kazakhstan Moves to Strengthen Data Protection Laws After Historic Breach
Kazakhstan is advancing strict new measures to combat personal data leaks, including criminal liability for mass breaches and significantly higher fines for security violations. The proposals, introduced by the Ministry of Artificial Intelligence and Digital Development, follow the country’s largest-ever data breach in summer 2025, which exposed the personal information of over 16 million citizens more than three-quarters of Kazakhstan’s population.
First Deputy Minister Rostislav Konyashkin announced the reforms during a government meeting, emphasizing a "zero-tolerance" policy for mishandling digital data. The changes would align Kazakhstan’s regulations with stricter standards seen in the EU and parts of Asia, where data breaches carry both administrative and criminal penalties. Under the new framework, officials and organizations including government agencies, financial institutions, and private companies could face fines up to $42,500, a sharp increase from the current maximum of $17,000.
The push for tighter controls follows a series of high-profile breaches, including a 2024 leak affecting 2 million clients of the microfinance platform zaimer.kz. President Kassym-Jomart Tokayev has also called for constitutional protections for personal data, framing digital security as a fundamental right in the country’s evolving legal landscape. The reforms reflect Kazakhstan’s broader effort to modernize its cybersecurity framework amid rapid digital transformation.
Source: https://timesca.com/kazakhstan-considere-criminal-liability-for-mass-leaks-of-personal-data/
UnaFinancial cybersecurity rating report: https://www.rankiteo.com/company/unafinancial
"id": "UNA1769103174",
"linkid": "unafinancial",
"type": "Breach",
"date": "6/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '16,000,000+',
'industry': 'Public Sector',
'location': 'Kazakhstan',
'name': "Government of Kazakhstan (Citizens' Data)",
'size': 'National',
'type': 'Government'}],
'data_breach': {'number_of_records_exposed': '16,000,000+',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Personal information'},
'date_detected': '2025-06-01',
'date_publicly_disclosed': '2025-06-01',
'description': 'Kazakhstan experienced its largest-ever data breach in summer '
'2025, exposing the personal information of over 16 million '
'citizens (more than three-quarters of the population). This '
'incident has prompted the government to introduce strict new '
'data protection laws, including criminal liability for mass '
'breaches and higher fines for security violations.',
'impact': {'brand_reputation_impact': 'Significant',
'data_compromised': 'Personal information of over 16 million '
'citizens',
'identity_theft_risk': 'High',
'legal_liabilities': 'Potential under new laws'},
'lessons_learned': 'Need for stricter data protection laws and alignment with '
'international standards (e.g., EU GDPR).',
'post_incident_analysis': {'corrective_actions': 'Proposed reforms to '
'strengthen data protection '
'laws and introduce criminal '
'liability for breaches.'},
'recommendations': 'Implement criminal liability for mass breaches, increase '
'fines for security violations, and modernize '
'cybersecurity frameworks.',
'references': [{'date_accessed': '2025-06-01',
'source': 'Government of Kazakhstan'}],
'regulatory_compliance': {'legal_actions': 'Proposed criminal liability and '
'fines up to $42,500'},
'title': "Kazakhstan's Largest-Ever Data Breach Exposing 16 Million Citizens' "
'Personal Information',
'type': 'Data Breach'}