Bulgaria, The Eastern European country has suffered the biggest data breach in the history of data breaches that have compromised personal and financial information of 5 million adult citizens out of its total population of 7 million people. As per a lot of sources in local Bulgarian media, an unknown hacker earlier this week had emailed them some download links to 11 GB of the stolen data that included taxpayer’s personal identifiable numbers, addresses, and financial data.
In a concise statement that has been released on Monday, the National Revenue Agency (NRA) of Bulgaria said the stolen data originates from the country’s tax reporting service. The NRA has also indicated that the Ministry of the Interior and the State Agency for National Security (SANS) has started taking an assessment of the potential vulnerability in the NRA’s systems that attackers might have exploited to breach into its databases to attain the data. It seems that until now, the hacker, who claimed to be a Russian man, has only released 57 out of a total of 110 compromised databases, which is about 21GB in total. In a follow-up announcement, the NRA said that almost 20 days ago, the attacker has unauthorized accessed about 3 percent of the information contained in their databases.
As consequences of the incident, Bulgaria’s NRA tax agency is now facing a fine of up to 20 million Euros accounting to $22.43 million or 4% of the agency’s annual turnover over the data breach, as said by Prof. Veselin Tselkov, who is a member of the Commission for Personal Data Protection.
Bulgarian police have also successfully arrested a 20-year-old “white-hat hacker” as the main suspect for the NRA data breach after authorities had raided his home and office in the capital Sofia and seized his computers containing encrypted data, according to a local media. The arrested suspect, Christian Boykov, is a cybersecurity expert who has been training the officers of the GCDPC for fighting against organized cybercrime. Boykov was in the news two years ago as well, when he found a vulnerability in the website of the Ministry of Education and Science (MES) and contacted “Lords of the Air,” a popular TV show to tell the story only after the ministry ignored his initial disclosure. After that incident, Boikov was hired as an ethical hacker by the global cybersecurity company “TAD Group,” and at the moment of arrest, he was an active employee of the company, where his job responsibility was to pentest the systems in the state agencies and private companies for potential vulnerabilities.
Image Source: https://www.zawya.com
Since the investigation is still ongoing, at this moment, it’s absolutely not clear if he is truly behind the NRA data breach. Nevertheless, the Sofia City Prosecutor’s Office accused Boykov of unauthorized access to a computer system that is part of the critical infrastructure of the state. His lawyers say there is no evidence against the accused, but if proven guilty, Boikov—who has zero past criminal record—could face up to 8 years in prison.
Source: The Hacker News
Disclaimer: Darkweblink.com does not promote or endorse claims that have been made by any parties in this article. The information provided here is for the general purpose only and unintended to promote or support purchasing and/or selling of any products and services or serve as a recommendation in the involvement of doing so. Neither Darkweblink.com nor any member is responsible directly or indirectly for any loss or damage caused or alleged to be caused by or in relation with the reliance on or usage of any content, goods or services mentioned in this article.