SOFIA (Reuters) – Hackers have stolen the financial data of millions of Bulgarians from the country’s tax agency, the government said on Tuesday, in an attack that one researcher said may have compromised nearly every adult’s personal records.
The attack on the National Revenue Agency (NRA) happened at the end of June and was probably carried out from abroad, officials said. It came to light after a person claiming to be a Russian hacker contacted local media on Monday offering access to the stolen data.
“We have compared 30% of the data that went public and we confirm that it is the information kept by the NRA,” said its spokesman, Rosen Bachvarov.
“We have certain indications that the attack took place outside the territory of Bulgaria. This is all that we can say for the time being.”
Finance Minister Vladislav Goranov said about 3% of the agency’s database was affected, involving millions of records in the nation of seven million. The leaked information was not classified and did not endanger financial stability, he added.
But cyber security researcher Vesselin Bontchev, a professor at the Bulgarian Academy of Sciences, said potential fallout from the hack was huge.
“To the best of my knowledge, this is the first publicly known major data breach in Bulgaria,” he said. “It is safe to say that the personal data of practically the whole Bulgarian adult population has been compromised.”
TAX RETURN VULNERABILITY
Bulgarian newspaper 24 Chasa said one file emailed by the purported hacker had more than 1.1 million identification numbers with income, social security and healthcare figures. Other media reports said the records dated back to 2007.
“Maybe this is the first case in Bulgaria which is successful and a lot of personal data has been stolen,” Interior Minister Mladen Marinov told local broadcaster bTV.
Officials said it was possible the hackers had gained access to one of the NRA’s more than 60 databases by exploiting a weakness in its system for filing tax returns from abroad.
The prime minister had convened the national security council, Marinov said. On top of a local investigation, Bulgaria planned to seek help from the EU cybersecurity agency to audit its most sensitive systems.
In emails sent to Bulgarian media from a Russian email address and seen by Reuters, a person claimed to be the hacker and a Russian citizen with a Bulgarian wife.
There was no immediate comment from authorities in Moscow.
The email author said hackers had compromised more than 100 databases hosted on finance ministry servers and were offering some of them to journalists to investigate.
“Some of the compromised databases are from key Bulgarian administrations and contain critically confidential information,” the email said. “More than 5 million Bulgarian and foreign citizens as well as companies are affected.”
Additional reporting and writing by Jack Stubbs; Editing by Andrew Cawthorne and John Stonestreet