Roskomnadzor has received information regarding the leakage of data belonging to Russian customers of multiple microfinance organizations and has initiated response measures. This was confirmed by a representative of the supervisory department to RBC. The incident involves the alleged hacking of the infrastructure of the Finance Company “Robofinance”, which serves various MFIs including “Buser” in Russia and Kazakhstan, “Digido” in the Philippines, and “Vietloan” in Vietnam.
- “Buser” in Russia – 16.8 million customers;
- “Buser” in Kazakhstan – 2 million customers;
- “Digido” in the Philippines – 5 million customers;
- “Vietloan” in Vietnam – 2 million customers.
The hackers claim that the compromised data dates back to March 2024.
The website of Kazakhstani “Buser” has stated that they are actively investigating the incident and verifying the information. According to their statement, “Personal rooms of the Borrowers of the MFO” Robox.KZ “are reliably protected. The MFI does not store information about bank cards and accounts of its customers, as the process of issuing microcredit electronically using such data is handled by an independent third-party processing company,” said.
Kazakhstani authorities have announced plans to conduct unscheduled inspections on companies involved in the data leak of its citizens. They stated, “After the inspections, companies found in violation of legislation requirements will be given instructions to rectify the violations, along with administrative fines ranging from 100 to 1000 MCI, based on the severity of the offense. An MCI is a monthly calculation indicator used for penalties and taxes in Kazakhstan, with the 2024 rate being 3692 tenge, equivalent to approximately 750 rubles.”
According to RBC, the Ministry of Cyphra in Kazakhstan has also sent notifications to individuals whose data was compromised, cautioning them about potential risks from scammers.
On March 14,