Bulgaria’s Tax Authority Hacked – 5 Million Citizens Exposed

Bulgaria’s Tax Authority has been hacked. 5 Million citizens have now had their personal information exposed.

It’s another reminder that the private sector isn’t the only sector being targeted by hackers. If the government of Bulgaria didn’t know that before (unlikely), they certainly know now. TheNextWeb is reporting that hackers have infiltrated the organization and stolen data from 5 million citizens. The leaking of that personal information is being described as the biggest in the countries history. From the report:

Bulgaria has suffered what has been described as the biggest data leak in its history. The stolen data, which hackers emailed to local media on July 15, originates from the country’s tax reporting service – the National Revenue Agency (NRA).

The breach contains the personal data of 5 million citizens, local outlet Capital reports. To put that into perspective, Bulgaria has a population of 7 million. Among other things, the trove includes personal identifiable numbers, addresses, and even income data.

“The authorities are investigating a potential security breach in the systems of the National Revenue Agency,” the Bulgarian NRA wrote in an announcement on July 15. “Earlier today, local media were emailed a download link to the leaked data, which purportedly originated from the Bulgarian Ministry of Finance.”

In a follow-up announcement, the country’s authorities confirmed the leak at least partially originated from the tax agency. “Our investigation has found that about 3 percent of the data contained in the NRA databases has been accessed without authorization approximately 20 days ago,” the agency wrote on July 16. “The investigation continues in full swing.”

It’s difficult to asses the full extent of what’s inside the leaked databases, but local media says the files date back to 2007. Still, reports suggest some of the data was filed in June, which coincides with the findings of the NRA’s investigation.

The data dumped reportedly comprises of only 57 of the alleged 110 databases that were compromised. It’s unclear what else is compromised. We do know that it’s not just citizens that were compromised. Companies information have also been compromised.

Data leaks and breaches have taken a rather creative turn this month. So far, this month, we’ve reported on the Attunity “keys-to-the-kindom” data leak. As a result, TD Bank and Ford Motor companies have been compromised as a result. Later on, the FDA recalled insulin pumps due to an IOT vulnerability that cannot be patched. Finally, smart home maker SmartMate suffered a data leak. That company saw customers personal information exposed through their devices.

Also this month, we’ve noted the cloud computing company PCM Inc. suffering a data breach. In addition to this, we’ve also noted the Tech Data data leak. Tech Data is a fortune 500 company.

So, all in all, it has been a rather eventful month so far on this front. It’s looking like it’s going to be another busy month this month.

Drew Wilson on Twitter: @icecube85 and Facebook.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: