Hacker causes mass data breach in Bulgaria


A criminal party has stolen the private data of millions of citizens in Bulgaria, and has sent downloaded links to the data to local media.

It is not yet known how many hackers are behind the stunt, but reports suggest that the data was stolen from Bulgaria’s National Revenue Agency (NRA), a branch of the country’s Ministry of Finance.

On Monday of this week, the agency said that it had fallen foul of criminal activity and that it was collaborating with the Minister of the Interior and the State Agency for National Security (SANS) to explore the hack in greater detail.

The NRA said:

“The NRA and the specialized bodies of the Ministry of the Interior and the State Agency for National Security (SANS) check [sic] the potential vulnerability of the National Revenue Agency’s computer system.”

“Earlier today, emails of certain media have been sent a link to download files allegedly belonging to the Bulgarian Ministry of Finance.”

“We are currently verifying whether the data is real.”

According to recipients of the link among local media, the hacker claims they accessed the personal data of over five million Bulgarian citizens, just two million shy of the total population.

The hacker also boasted about taking 100 databases (21GB of data) from the NRA system. While just 57 of these stolen databases were initially shared with the media, the hacker promised to hand out the remaining information in due course.

Residents’ names, personal identification numbers, residential addresses and financial details are believed to be among data caught up in the breach. While most of the information is thought to be fairly old – dating back to 2007, some of the information is also relatively recent.

As well as data taken from the National Revenue Agency, the hacker also stole information which sources believe was imported into the NRA network from other government departments.

The breached data also held details taken from the Department Civil Registration and Administrative Services (GRAO).

Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.