Aktau City Court of Mangystau region sentenced 25-year - old Elnur A. to three years in prison and banned him from engaging in activities in the field of informatization and communications for the same period.
According to the materials of case No. 4710-23-00-1 / 527 dated December 13, 2023, the programmer received access to the information systems "Unified Register of Administrative Proceedings" (ERAP) and "Unified Notary Information System of the Ministry of Justice of the Republic of Kazakhstan" (ENIS). With their help, he sold the personal data of at least nine people on Telegram.
We are concerned about how the IT specialist managed to get the personal data of Kazakhstanis. It turns out that since 2019, Elnur A. has acquired connections among employees of the Mangystau Region Police Department. He helped them repair their computers, connect to the network, and restore their information.
"In the course of providing computer services, the defendant, abusing trust, by using the official information resources of employees of the DP of the Mangystau region, took possession of personal data of citizens of the Republic of Kazakhstan," the verdict says.
When the requirements for information security of the ERAP IP system were tightened in January 2022, the hacker lost access to it. Then, under the pretext of setting up a scanner, he remotely connected to the computer of a Moscow notary, stole an EDS key from her and used it to gain access to the ENIS IP.
Elnur A. was charged immediately under three articles of the Criminal Code: "Deliberate unauthorized access to an information system "(Article 205 part 2), "Dissemination of information about a person's private life, constituting his personal and family secrets, without his consent" (Article 147 part 4) and " Deliberate illegal acquisition of legally protected information, information contained in the information system" (article 208, part 2, paragraph 1). According to the totality of crimes, he was assigned three years in a medium-security penal colony.
Statistics
According to the ICRIAP, in 2023, more than 30 administrative cases were considered for violation of the law on personal data. Individuals, legal entities and officials were fined 1 * 226,485 tenge. The question of who is to blame for the data leak is still open.
According to the materials of case No. 4710-23-00-1 / 527 dated December 13, 2023, the programmer received access to the information systems "Unified Register of Administrative Proceedings" (ERAP) and "Unified Notary Information System of the Ministry of Justice of the Republic of Kazakhstan" (ENIS). With their help, he sold the personal data of at least nine people on Telegram.
We are concerned about how the IT specialist managed to get the personal data of Kazakhstanis. It turns out that since 2019, Elnur A. has acquired connections among employees of the Mangystau Region Police Department. He helped them repair their computers, connect to the network, and restore their information.
"In the course of providing computer services, the defendant, abusing trust, by using the official information resources of employees of the DP of the Mangystau region, took possession of personal data of citizens of the Republic of Kazakhstan," the verdict says.
When the requirements for information security of the ERAP IP system were tightened in January 2022, the hacker lost access to it. Then, under the pretext of setting up a scanner, he remotely connected to the computer of a Moscow notary, stole an EDS key from her and used it to gain access to the ENIS IP.
Elnur A. was charged immediately under three articles of the Criminal Code: "Deliberate unauthorized access to an information system "(Article 205 part 2), "Dissemination of information about a person's private life, constituting his personal and family secrets, without his consent" (Article 147 part 4) and " Deliberate illegal acquisition of legally protected information, information contained in the information system" (article 208, part 2, paragraph 1). According to the totality of crimes, he was assigned three years in a medium-security penal colony.
Statistics
According to the ICRIAP, in 2023, more than 30 administrative cases were considered for violation of the law on personal data. Individuals, legal entities and officials were fined 1 * 226,485 tenge. The question of who is to blame for the data leak is still open.
