Bulgaria, an Eastern European country of 7 million people is a recent victim of a large-scale data breach, as its state tax agency’s tax information storage servers were hacked last June 2019. No other than its Minister of Finance, Vladislav Goranov issued a public apology for the incident that happened under his watch. Security researchers believe that all Bulgarians in the country’s internal workforce who pays their taxes had their tax data stolen by still unknown hackers. Which is denied by the government, as the Finance Ministry claims that only 3% of the database were penetrated and the data that was leaked is not substantial enough to cause state-level financial instability for Bulgaria.
“To the best of my knowledge, this is the first publicly known major data breach in Bulgaria. It is safe to say that the personal data of practically the whole Bulgarian adult population has been compromised,” explained Vesselin Bontchev, Bulgarain Academy of Sciences Assistant Professor when asked to comment.
There is no conclusive data yet on how the incident happened, but it is linked with someone that uses a Russian-sounding email address. The Ministry of Finance refused to release actual numbers of affected citizens, permanent residents, and foreigners but the numbers are estimated to reach 5 million people. Local mainstream media in the country keep on pounding on Bulgarian government’s negligence in securing the tax information of individual taxpayers in the country, mostly blamed due to corruption.
The country’s prime minister, Boyko Borissov issued an order to convene Bulgaria’s National Security Council to help devise ways for official government intervention to address the issue, which already reached national-level problem. The government, more particularly NRA (the National Tax Agency) has not disclosed who or what is their suspected perpetrator behind the attack, however, certain concerned quarters said that the records stolen were from 2007 till the present. Bulgaria has already asked assistance from the European Union’s Cybersecurity Agency in conducting system and technical audit of NRA servers in the hopes of completing the missing puzzles that transpired in the data breach incident.
“The amount of the sanction depends on the number of people affected and the volume of leaked information,” said Veselin Tselkov, Commission for Personal Data Protection Board Member.
At the time of this writing, Bulgarian law enforcement personnel were able to arrest a 20-year old cybersecurity employee, as a suspicion that he is behind the NRA hacking emerges. His computers at home and in the office were confiscated by the authorities, which they later found-out containing questionable encrypted data.
“Overnight, the relevant examination was carried out, a very initial one, which suggests that the suspect is connected to the crime,” said Yavor Kolev of the Bulgarian Police Cybersecurity Unit. The prime minister himself described the 20 year old suspect as being a computer wizard, regretful that an incident such as the NRA hack happened, but he underscored that highly computer knowledgeable people should be hired by the government instead of being the antagonist of society.
“The reason for the success of the attack does not seem to be the sophistication of the hacker, but rather poor security practices at the NRA,” emphasized Bozhidar Bozhanov, CEO of LogSentinel, a cybersecurity firm which also operates in Bulgaria.