A Bulgarian cybersecurity worker hacked the National Revenue Agency (NRA) database and exposed the data of more than 5 million Bulgarian taxpayers.
In a country of just seven million people, the hack means that the majority of working adults have been impacted. The hack resulted in the theft of personal information including social security, bank and salary information.
Following an investigation, 20-year-old Kristian Boykov was arrested in Bulgaria’s capital Sofia in connection with the breach. Police raided his home and office and seized computers and mobile devices with encrypted information.
Yavor Kolev, head of the police’s cybersecurity unit, said:
“Overnight, the relevant examination was carried out, a very initial one, which suggests that the suspect is connected to the crime.”
Boykov was initially charged with cybercrime against government infrastructure, which could see him face a maximum of eight years in jail. However, he was handed a lesser charge of crime against information systems. If found guilty, the hacker could now face three years in jail.
Bulgarian blogger and political analyst, Asen Genov, told CNN:
“We should all be angry…The information is now freely available to anyone.
“Many, many people in Bulgaria already have this file, and I believe that it’s not only in Bulgaria.”
Boykov previously made news in Bulgaria in 2017 for hacking the Bulgarian education ministry’s website to expose its vulnerabilities. Many have labelled Boykov as a “white hat hacker” due to the nature of his attacks.
As a result of the data breach, Bulgaria’s tax agency now faces a fine of up to 20 million euros, or 4% of its annual turnover.
Veselin Tselkov, a board member at the Commission for Personal Data Protection, said:
“The amount of the sanction depends on the number of people affected and the volume of leaked information.”
Bulgaria’s finance minister has apologised for the attack.