It seems as every adult Bulgarian has had its personal data compromised, in what looks to be one of the biggest data breaches the country has ever seen. According to media reports, the country’s tax agency, NRA, was breached roughly a month ago. More than 110 databases were compromised, including ‘critically confidential’ information from key administrators.
Finance Minister Vladislav Goranov said about three per cent of the agency’s database was affected.
The hacker, which claims to be of Russian origin, emailed local media on Monday, offering access to the stolen data. His motives are unknown at this time, but according to Reuters (and based on local media reports), the hacker wants to show the NRA’s failed cybersecurity protocols.
The data that was stolen includes personal identification numbers with income, social security and healthcare figures, for more than a million people.
Bulgaria’s finance minister, Vladislav Goranov, issued a public apology, adding that whoever tries to abuse this data “would fall under the impact of Bulgarian law”.
Local cybersecurity experts are saying the scale of the attack was huge.
“To the best of my knowledge, this is the first publicly known major data breach in Bulgaria,” said cybersecurity researcher Vesselin Bontchev. “It is safe to say that the personal data of practically the whole Bulgarian adult population has been compromised.”
Local journalist Atanas Chobanov called the attack “a dangerous bomb”.
Among the things the government plans on doing, going forward, is asking EU cybersecurity agencies for help, by auditing the country’s most sensitive systems.