Servers of Bulgaria’s National Revenue Agency (NRA) have been targeted. The Bulgarians realized it only after a purported hackers, claiming to be Russian, sent an e-mail to the local media, with the aim of selling the stolen data.
On Tuesday, in a significant development, the Bulgarian government stated, hackers have managed to steal the personal data as well as financial data of millions of Bulgarians by breaking into the tax agency’s systems.
According to Bulgaria’s National Revenue Agency (NRA), the attack on its servers took place towards the end of June. The issue dawned on them after a person claiming to be a Russian hacker contacted the local media late on Monday and offered to sell the stolen data.
“We have compared 30% of the data that went public and we confirm that it is the information kept by the NRA,” said NRA’s spokesman Rosen Bachvarov.
According to Bulgarian Finance Minister Vladislav Goranov, around 3% of the NRA’s database was affected; millions of records have been stolen from Bulgaria’s 7 million population.
“The leaked information was not classified and did not endanger financial stability” said Goranov.
According to 24 Chasa, a leading Bulgarian newspaper, a file emailed by the purported hacker contained more than 1.1 million identification numbers showing income, social security and healthcare figures.
“Maybe this is the first case in Bulgaria which is successful and a lot of personal data has been stolen,” said Bulgaria’s Interior Minister Mladen Marinov to bTV, a local TV channel.
The country’s anti-cyber crime teams are investigating the attack.
Following the hacking attack, Bulgaria’s prime minister convened a national security council and stated computers of all state institutions would be checked. Bulgaria has also sought help from the European Union’s cyber security agency to do a full audit of its most sensitive systems.
The e-mail sent to the Bulgarian media shows a Russian email address. The hacker claims to be a Russian citizen married to a Bulgarian.
Authorities from Moscow did not immediately comment on the hacking incident.
According to the e-mail, “Some of the compromised databases are from key Bulgarian administrations and contain critically confidential information. More than 5 million Bulgarian and foreign citizens as well as companies are affected.”
Bulgarian officials believe there are indications that the attack came from abroad, however, they did not elaborate.