Bulgaria Arrests Suspect in Country’s Biggest Data Breach

News

A twenty-year-old cybersecurity worker was arrested and charged on Tuesday with hacking the personal and financial records of five million Bulgarian taxpayers, according to Reuters.

July 18, 2019

 

It is the biggest ever data breach in Bulgaria’s history and has compromised the information of nearly every working adult in a country of seven million people. Bulgaria’s tax agency, the National Revenue Agency (NRA), now faces a fine of US$22.4 million. 

The NRA confirmed the attack in a statement on Monday and said it was continuing to investigate alongside the Ministry of Interior and the State Agency for National Security.  

The suspect was identified by local media as Kristian Boykov, an employee of the U.S. cybersecurity firm TAD Group. His job allegedly entailed testing computer networks for vulnerabilities in order to protect them from cyber attacks.

At a meeting on Wednesday, Bulgarian Prime Minister Boyko Borissov described Boykov as a “wizard” hacker and seemed to praise his intelligence, saying the state ought to hire similar “unique minds” to work for it. 

However, some experts have negated his assessment, saying that the unsophisticated attack succeeded due to inadequate security measures at the NRA. 

“The reason for the success of the attack does not seem to be the sophistication of the hacker, but rather poor security practices at the NRA,” Bozhidar Bozhanov, chief executive at cybersecurity firm LogSentinel, told Reuters. 

Widespread news of the attack spread on Monday after numerous local media received nearly 11 GB of the stolen data in anonymous emails from a source claiming to be the perpetrator, according to local news

The suspect, who claimed to be a Russian national married to a Bulgarian woman, threatened that if the Bulgarian government tried to cover up “the truth” behind the attack, the total volume of stolen data, 21 GB, would be made publically available. He did not elaborate on what he meant by “the truth.”

Kapital, one of the news sources that received the anonymous email, reported that the files contained people's names, addresses, earnings, and even PIN numbers. The data included photos of people as well as information about their monthly contributions to retirement funds and health insurance plans.

The information in the files comes from various points in time. Some of the data was acquired a decade ago while other entries were taken from information acquired last month. 

According to Reuters, the attack occurred in June and compromised 3% of the NRA’s database. Boykov, if found guilty, could face up to eight years in prison.