Hacker causes mass data breach in Bulgaria


A criminal party has stolen the private data of millions of citizens in Bulgaria, and has sent downloaded links to the data to local media.

It is not yet known how many hackers are behind the stunt, but reports suggest that the data was stolen from Bulgaria’s National Revenue Agency (NRA), a branch of the country’s Ministry of Finance.

On Monday of this week, the agency said that it had fallen foul of criminal activity and that it was collaborating with the Minister of the Interior and the State Agency for National Security (SANS) to explore the hack in greater detail.

The NRA said:

“The NRA and the specialized bodies of the Ministry of the Interior and the State Agency for National Security (SANS) check [sic] the potential vulnerability of the National Revenue Agency’s computer system.”

“Earlier today, emails of certain media have been sent a link to download files allegedly belonging to the Bulgarian Ministry of Finance.”

“We are currently verifying whether the data is real.”

According to recipients of the link among local media, the hacker claims they accessed the personal data of over five million Bulgarian citizens, just two million shy of the total population.

The hacker also boasted about taking 100 databases (21GB of data) from the NRA system. While just 57 of these stolen databases were initially shared with the media, the hacker promised to hand out the remaining information in due course.

Residents’ names, personal identification numbers, residential addresses and financial details are believed to be among data caught up in the breach. While most of the information is thought to be fairly old – dating back to 2007, some of the information is also relatively recent.

As well as data taken from the National Revenue Agency, the hacker also stole information which sources believe was imported into the NRA network from other government departments.

The breached data also held details taken from the Department Civil Registration and Administrative Services (GRAO).

Registration now OPEN for PrivSec Global
Taking place across four days from 30 Nov to 3 Dec, PrivSec Global, will be the largest data protection, privacy and security event of 2020.

Reserve your place before 2nd October, and receive VIP access to PrivSec Global which includes priority access to limited space sessions, workshops, networking opportunities and exclusive content.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.