Arrow left dark
Newsletter icon SUBSCRIBE

And finally… hackers ridicule nation’s security bosses after tax office attack

Clock icon Reading time: 2 minutes

A massive cyber attack on Bulgaria’s tax office might have compromised the security of almost all adult residents’ information and left officials the subject of ridicule from the hackers.

The major security breach came to light after a person claiming to be a Russian hacker contacted local media on Monday offering access to the stolen data.

According to Reuters, the country’s finance minister has since confirmed that hackers infiltrated the National Revenue Agency’s (NRA) network at the end of June, and one of the tax agency’s officials said the attack likely originated from outside the country.

A person claiming to be a Russian hacker told the Bulgarian media that their group was responsible for the attack in an email sent via a Russian address.

The email’s author said they infiltrated 110 databases that contain sensitive data, including “critically confidential” information.

They also claimed that their attack affected 5 million Bulgarian citizens, foreign citizens and companies — an enormous number for a country with a population of 7 million. In an announcement posted on its website on July 15th, the NRA said that local media received an email with a download link for files allegedly belonging to the Bulgarian Ministry of Finance.

The self-proclaimed hackers also told the media in the email that the initial leak only contains 11GB of data, and that they have 10GB more in their hands.

Bulgarian newspaper 24 Chasa, Reuters said, reported that one emailed file contained over 1.1 million personal ID numbers with people’s income and healthcare information, as well as social security numbers. Further, some of the records dated back to 2007.

Bulgarian Finance Minister Vladislav Goranov said, however, that while millions of records were involved, the leaked information wasn’t classified and didn’t endanger financial stability.

The attackers’ motives and point of entry aren’t entirely clear at this point.

“The state of your cybersecurity is a parody,” the hackers reportedly wrote in the email, indicating that they wanted to highlight the NRA’s lack of strong cybersecurity measures.

Officials also believe that they might have gained access to the agency’s database by exploiting a weakness connected to filing tax returns from outside the country.

Share icon
Share this article: