In systemic breach, hackers steal millions of Bulgarians' financial data

SOFIA (Reuters) - Bulgaria’s finance minister apologized to the country on Tuesday after admitting hackers had stolen millions of taxpayers’ financial data in an attack that one researcher said may have compromised nearly every adult’s personal records.

A police car passes past Bulgaria's National Revenue Agency building in Sofia, Bulgaria, July 16, 2019. REUTERS/Dimitar Kyosemarliev

The breach of servers at the tax agency (NRA) happened at the end of June and an official there said it was probably carried out from abroad. A person claiming to be a Russian hacker emailed local media on Monday offering access to the stolen data.

The reason for the attack was not immediately clear.

But the email’s author, who described the government as corrupt, said hackers had compromised more than 110 databases, including “critically confidential” information from key administrations, some of which was being offered to journalists.

Finance Minister Vladislav Goranov said about 3% of the agency’s database was affected, involving millions of records in the nation of seven million, though the leaked information was not classified and did not endanger financial stability.

Summoned to parliament for an explanation, he apologized “to all Bulgarian citizens who have been made vulnerable”.

He said anyone who attempted to exploit the data “would fall under the impact of Bulgarian law”, and initial analysis of the information that had become public showed it was not enough to draw “substantive conclusions” about any citizen’s financial situation.

There was no immediate comment from authorities in Moscow, which have consistently denied accusations from foreign governments of Russian involvement in a spate of cyber attacks against mostly western interests.


Cyber security researcher Vesselin Bontchev, assistant professor at the Bulgarian Academy of Sciences, said the scale of the hack was huge.

“To the best of my knowledge, this is the first publicly known major data breach in Bulgaria,” he said. “It is safe to say that the personal data of practically the whole Bulgarian adult population has been compromised.”

The purported hacker’s email, seen by Reuters and sent from a Russian email address, said more than 5 million Bulgarian and foreign citizens as well as companies were affected.

Local media speculation about motives for the attack focused on a wish to highlight the NRA’s failure to introduce robust security protocols rather than any attempt to root out corruption. Atanas Chobanov, a journalist for local anti-graft website Bivol called the hack “a bomb that is dangerous” to many different types of people.

According to anti-graft group Transparency International, Bulgaria is the most corrupt state in the European Union.

The country’s leading business organization, BIA, said it had warned the government of possible flaws in its data protection systems a year ago.

Officials said it was possible the hackers had gained access to an NRA database by exploiting a weakness in its system for filing tax returns from abroad.

Bulgarian newspaper 24 Chasa said one emailed file had more than 1.1 million personal identification numbers with income, social security and healthcare figures. Other media reports said the records dated back to 2007.

The prime minister convened the national security council, Interior Minister Mladen Marinov said. On top of a local investigation, Bulgaria planned to seek help from the EU cybersecurity agency to audit its most sensitive systems.

Additional reporting and writing by Jack Stubbs; editing by John Stonestreet