Data of Nearly Every Adult in Bulgaria Likely Stolen in Cyberattack

The Alexander Nevsky Cathedral and National assembly building in Sofia, BulgariaImage: Getty
Someone stole the personal and financial information of millions of Bulgarian taxpayers—likely the majority of the adult population.Bulgaria police head of cybersecurity Yavor Kolev said on Wednesday an unidentified 20-year-old cybersecurity worker was arrested on Tuesday on suspicion of involvement in a hack that took taxpayer sensitive data, according to a Reuters report.

Advertisement

The Bulgarian public first caught light of the hack on Monday, after someone claiming to be the hacker behind the attack contacted several local media outlets to say that they had stolen the personal information of more than five million citizens (in a country with a population of 7 million), and shared some of the data they had stolen. As ZDNet points out, the supposed hacker emailed the news outlets from a Yandex.ru email address. Their communication included quotes from Julian Assange and the message, “Your government is stupid. Your cybersecurity is a parody.” The person told at least one outlet they are a Russian citizen.
The National Revenue Agency (NRA) released a statement on Monday, stating it is investigating the matter with the State Agency for National Security and the Ministry of the Interior. On Tuesday, Interior Minister Mladen Marinov confirmed the attack to Bulgaria’s bTV network.

Advertisement

Kolev said the man police arrested in association with the crime works as a tester for vulnerabilities in computer networks, but they also dabbled in crime. “In his life, he has been on both sides,” Kolev told Reuters.Reuters reports that the Bulgarian Industrial Association, the nation’s leading non-government business organization, warned about vulnerabilities in the NRA’s system last year, and have insisted that every company and person affected by this breach receive a report on the recent breach.

Advertisement

Commission for Personal Data Protection board member Veselin Tselkov told Reuters the NRA could face a fine of 20 million euros ($22.43 million) for the breach, but the sanction will depend on how many people were affected and how much information was leaked.

Similar Articles:

Michigan Attorney General asking for information on major data breach

Michigan Attorney General asking for information on major data breach

Quest Diagnostics Says Up to 12 Million Patients May Have Had Financial, Medical, Personal Information Breached

Quest Diagnostics Says Up to 12 Million Patients May Have Had Financial, Medical, Personal Information Breached

Data breach in Michigan may have exposed personal, medical information of 600,000 people

Data breach in Michigan may have exposed personal, medical information of 600,000 people

Your data was probably stolen in cyberattack in 2018 – and you should care

Your data was probably stolen in cyberattack in 2018 – and you should care