Latest in Gear

Image credit: Dimitar Kyosemarliev / Reuters

Bulgarian tax agency breach may have compromised 5 million people

The country only has a population of 7 million.
175 Shares
Share
Tweet
Share
Save

Sponsored Links

Dimitar Kyosemarliev / Reuters

Bulgaria's government is dealing with a massive security breach that might have affected almost all adult residents' information. According to Reuters, the country's finance minister has confirmed that hackers infiltrated the National Revenue Agency's (NRA) network at the end of June, and one of the tax agency's officials said the attack likely originated from outside the country. A person claiming to be a Russian hacker told the Bulgarian media that their group was responsible for the attack in an email sent via a Russian address.

The email's author said they infiltrated 110 databases that contain sensitive data, including "critically confidential" information. They also claimed that their attack affected 5 million Bulgarian citizens, foreign citizens and companies -- an enormous number for a country with a population of 7 million. In an announcement posted on its website on July 15th, the NRA said that local media received an email with a download link for files allegedly belonging to the Bulgarian Ministry of Finance.

The self-proclaimed hackers also told the media in the email that the initial leak only contains 11GB of data, and that they have 10GB more in their hands. Bulgarian newspaper 24 Chasa, Reuters said, reported that one emailed file contained over 1.1 million personal ID numbers with people's income and healthcare information, as well as social security numbers. Further, some of the records dated back to 2007.

Bulgarian Finance Minister Vladislav Goranov said, however, that while millions of records were involved, the leaked information wasn't classified and didn't endanger financial stability.

The attackers' motives and point of entry aren't entirely clear at this point. "The state of your cybersecurity is a parody," the hackers reportedly wrote in the email, indicating that they wanted to highlight the NRA's lack of strong cybersecurity measures. Officials also believe that they might have gained access to the agency's database by exploiting a weakness connected to filing tax returns from outside the country.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
175 Shares
Share
Tweet
Share
Save

Popular on Engadget

Engadget's 2019 Back-to-School Guide

Engadget's 2019 Back-to-School Guide

View
Dell's XPS 13 now comes with the latest Intel 10th-gen processors

Dell's XPS 13 now comes with the latest Intel 10th-gen processors

View
Microsoft won't release more Xbox exclusives on rival platforms

Microsoft won't release more Xbox exclusives on rival platforms

View
‘Need for Speed Heat’ isn’t anything like ‘Payback’

‘Need for Speed Heat’ isn’t anything like ‘Payback’

View
The Morning After: About that fourth 'Matrix' movie

The Morning After: About that fourth 'Matrix' movie

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr