Kazakhstan Interteach Insurance Data Breach

Victim:

Interteach is a leading private insurance company in Kazakhstan, founded in 1989 with WHO’s support. It was the first licensed insurer in the country. Known for its strong presence in health and medical insurance, Interteach operates over 30 clinics nationwide and serves both individuals and businesses. With a focus on technology, quality service, and social responsibility, it is a trusted partner for major national and international clients.

About the data breach:

On September 22, 2025, a hacker claimed to have broken into Interteach’s systems and copied significant amounts of sensitive data, including names, passwords, emails, birthdates, national ID numbers (IIN), and passport details. They also accessed scanned passport documents and internal company files stored in a document system. The hacker states they erased everything from Interteach’s servers after backing it up on their own. All regional branches, such as Almaty, Aktau, Tengiz, and others, are affected, and the company’s websites now display database errors, indicating they are likely offline. The hacker also mentioned that much of the data is in Kazakh or Russian, which makes sorting through it more difficult.

The same post also appeared in the Telegram “Shinyhunters” group, along with all of the sample data. There the actor also stated the price of the data (10k$).

Samples:

The following items are included in the provided samples:

  1. Company Documents: Internal documents outlining company operations and infrastructure.
  2. Customer Identification Documents: Passports of customers.
  3. Company Infrastructure Overview: Details on how the company’s IT infrastructure is organized, including:
    • Internet connections
    • VPN servers
    • Firewalls
    • Office networks
    • Internal servers
    • Connectivity between the above components
  4. Customer Data:
    • List of customer names
    • Email addresses
    • Passwords
    • Dates of birth
    • Passport numbers

In the screenshot below, someone is filling out an online travel insurance form on Interteach’s website for a trip to Spain.

The screenshot below contains information on more than a thousand customers: full names, IDs, login email IDs, passwords, dates of birth, and passport numbers.

The screenshot below shows a customer’s international travel insurance document, with details of the person’s travel coverage.

The insurance policy covers health emergencies, including COVID-19, and provides information about the insured person, such as their name, birthdate, passport number, and contact details. It also specifies the coverage period, the total cost of the insurance, the amount covered in the event of illness or emergency, and the insurance provider (JSC “KK ZIMS” INTERTEACH). Additionally, the document includes payment details and the geographical area covered by the insurance.

The screenshot contains a letter from the Consular Department of the Ministry of Foreign Affairs of Kazakhstan, addressed to Vitaliy V*********h, the president of the “Association of Insurers of Kazakhstan.”

It says that the Ministry has sent a message to foreign embassies and consulates, explaining that insurance contracts for foreign travelers leaving Kazakhstan can be signed electronically. These contracts do not need to be printed on paper. The letter concludes by stating that the Ministry is awaiting a response to this message.

The screenshot below shows a customer’s birth certificate from Kazakhstan. It gives the individual’s name, birthdate, and place of birth, along with information about her parents, including their names and nationalities. The certificate also records the birth registration and was issued by the civil registration office in Almaty, Kazakhstan.

Key Recommendations to Prevent Cyber Incidents

  1. Enforce strict access controls: Limit employee access to sensitive customer data and implement multi-factor authentication.
  2. Encrypt critical data: Protect information at rest and in transit to reduce exposure in the event of a compromise.
  3. Deploy Gurucul SIEM: Monitor user behavior, detect anomalies, and receive real-time alerts for suspicious activities.
  4. Conduct employee awareness training: Educate staff on phishing, social engineering, and insider threats.
  5. Secure systems and document repositories: Protect internal documents, databases, and customer records; monitor access logs.
  6. Maintain regular backups: Ensure they are encrypted and available for rapid recovery after an incident.
  7. Implement incident response plans: Prepare and test procedures to respond quickly to breaches.
  8. Monitor threat intelligence: Track emerging threats and dark web activity targeting organizations.

Conclusion

The Interteach Insurance data breach highlights how sensitive customer information, including passports, IDs, and personal details, can be exposed through cyberattacks. Such incidents emphasize the importance of strong cybersecurity measures, ongoing monitoring, and employee awareness. Organizations must act proactively to secure their systems, protect customer data, and detect anomalies early. Using tools such as Gurucul Next-gen SIEM can help identify suspicious activity and prevent potential breaches from escalating.