Latest in Gear

Image credit: Dimitar Kyosemarliev / Reuters

Bulgarian tax agency breach may have compromised 5 million people

The country only has a population of 7 million.
177 Shares
Share
Tweet
Share
Save

Sponsored Links

Dimitar Kyosemarliev / Reuters

Bulgaria's government is dealing with a massive security breach that might have affected almost all adult residents' information. According to Reuters, the country's finance minister has confirmed that hackers infiltrated the National Revenue Agency's (NRA) network at the end of June, and one of the tax agency's officials said the attack likely originated from outside the country. A person claiming to be a Russian hacker told the Bulgarian media that their group was responsible for the attack in an email sent via a Russian address.

The email's author said they infiltrated 110 databases that contain sensitive data, including "critically confidential" information. They also claimed that their attack affected 5 million Bulgarian citizens, foreign citizens and companies -- an enormous number for a country with a population of 7 million. In an announcement posted on its website on July 15th, the NRA said that local media received an email with a download link for files allegedly belonging to the Bulgarian Ministry of Finance.

The self-proclaimed hackers also told the media in the email that the initial leak only contains 11GB of data, and that they have 10GB more in their hands. Bulgarian newspaper 24 Chasa, Reuters said, reported that one emailed file contained over 1.1 million personal ID numbers with people's income and healthcare information, as well as social security numbers. Further, some of the records dated back to 2007.

Bulgarian Finance Minister Vladislav Goranov said, however, that while millions of records were involved, the leaked information wasn't classified and didn't endanger financial stability.

The attackers' motives and point of entry aren't entirely clear at this point. "The state of your cybersecurity is a parody," the hackers reportedly wrote in the email, indicating that they wanted to highlight the NRA's lack of strong cybersecurity measures. Officials also believe that they might have gained access to the agency's database by exploiting a weakness connected to filing tax returns from outside the country.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
177 Shares
Share
Tweet
Share
Save

Popular on Engadget

Engadget’s guide to Home Entertainment

Engadget’s guide to Home Entertainment

View
Pixel 4 vs. the competition: The camera battle intensifies

Pixel 4 vs. the competition: The camera battle intensifies

View
The Pixel 4's Recorder app can capture and transcribe simultaneously

The Pixel 4's Recorder app can capture and transcribe simultaneously

View
Google's Nest devices can tell if you're near with 'ultrasound sensing'

Google's Nest devices can tell if you're near with 'ultrasound sensing'

View
Pixel 4 will be available through every major US carrier (updated)

Pixel 4 will be available through every major US carrier (updated)

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr