Hackers stole financial information about millions of Bulgarians as part of a security incident at the country’s tax agency in what appears to be the largest breach of personal information to ever affect the Eastern European nation.
The National Revenue Agency in a statement Monday said it was working with other government organizations to investigate whether a vulnerability in its computer systems made it possible for hackers to steal financial files. Hackers had previously contacted local media offering access to databases containing millions of rows of personal information about Bulgarian citizens including names, addresses, earning numbers and other financial data. Various media reports suggested the leaked information included data on 5 million of Bulgaria’s roughly 7 million citizens.
While the cause and extent of the breach still are investigation, Finance Minister Vladislav Goranov told journalists that hackers behind the attack contacted Bulgarian media outlets from an email address on Yandex.ru, a Russian domain. Bulgaria’s prime minister convened an emergency meeting on the matter, and the country also has sought assistance from the European Union’s cybersecurity agency, according to the Associated Press.
One file from the hackers included more than 1.1 million personal identification numbers as well as monthly income statements and healthcare spending, according to Newspaper 24 Chasa. Hackers sent reporters 57 databases of compromised information, though they claimed to have access to a total of 110 such files.
In one message, the hacker described Bulgaria’s cybersecurity readiness as a “parody.”