A hacker (or hacker group) has stolen the personal data of millions of Bulgarians and has emailed download links to the stolen data to local media. The origin of the data is considered to be the country’s National Revenue Agency (NRA) which is a department of the Bulgarian Ministry of Finance.
The NRA posted a message on their website stating that they are working with the Ministry of the Interior and the State Agency for National Security (SANS) to investigate about the hack and the Bulgarian Ministry has confirmed the hack.
The local news publications who received part of the data reported that the hacker stole the personal details of more than five million Bulgarians out of the country’s total population of seven million.
The hacker claimed about stealing 110 databases from NRA’s network, totaling around 21 GB. The hacker shared 57 databases totaling almost 11 GB of the aggregate data with local media. They have promised to release the remaining in the coming days.
The data leaked includes names, personal identification numbers (PINs), home addresses, and financial earnings. Most of the information dates back to 2007, but there were some new database entries as well.
Besides NRA-specific information, info imported into NRA systems from other government agencies was also found to be leaked.
The leaked data also contained information from Department Civil Registration and Administrative Services (GRAO), a database the department described similar to “the Social Security Number identification in other countries.
Information belonging to Bulgaria’s customs agency, the Bulgarian Excise Centralized Information System (BECIS) which is a database for storing information about excise taxes for imported goods was found.
The hacker contacted local media from a Yandex.ru email address and also included a quote similar to that from WikiLeaks founder Julian Assange that translates from Bulgarian to “Your government is stupid. Your cybersecurity is a parody.”
The hacker on an interview with a Bulgarian TV station, claimed that he was a Russian man married to a Bulgarian woman, which is not sure. He also stated that he has access to the NRA’s network for more than 11 years.