Bulgarian Authorities Arrest Suspect in Massive Data Breach

20-Year-Old Charged as Investigation Continues
Bulgaria's National Revenue Agency was hacked in June (Photo: Vassia Atanassova via Wikicommons/CC)

Bulgaria's national cybercrime unit has arrested a 20-year-old local man for his alleged role in breaching the country's tax servers and exposing the financial details and other personal data of nearly 5 million citizens, according to news media reports.

The suspect is described in local news reports as a "white hat" hacker.

The Sofia City Prosecutor's Office, which is handling the case, charged the man with "having unlawfully copied computer data from a [National Revenue Agency] server," according to a statement. In Bulgaria, that charge is punishable by up to eight years in prison. Prosecutors also noted that the suspect works for a security testing company, but the company was not involved in the data breach, according to the statement.

It's not clear if police and prosecutors believe the man worked alone or was involved with other hackers, but the BBC noted that the investigation is continuing.

Bulgarian authorities are investigating whether the tax agency did not do enough to protect its data. The agency could face a possible €20 million ($22.4 million) fine if its security measures were inadequate, according to the BBC.

Massive Breach

In late June, a hacker stole about 11 GB of data from the National Revenue Agency's 110 databases, which contain names, personal identification numbers, home addresses, and financial earnings of nearly 5 million Bulgarian citizens, according to news reports. The country has a population of about 7 million. The hacker appears to have exploited a number of unspecified weaknesses in these databases, some of which date back to 2007, according to news reports.

While the breach happened sometime in June, the incident came to the public's attention on Monday, when someone identifying themselves as a Russian hacker emailed several media outlets files purported to contain stolen data, Reuters reports.

According to local newspaper 24 Chasa, investigators confiscated from the suspect two laptops and another PC that contained stolen data.

Yavor Kolev, the head of the cybercrime division of the General Directorate for Combating Organized Crime, which is part of Bulgaria's Interior Ministry, told the newspaper: "We are almost certain that we have identified a suspect who has been involved in the attack, and all the evidence shows the person is involved in the attack."

A Motive?

In the email to the news media, the individual claiming to be the hacker said the motive behind the attack was to highlight the poor cybersecurity measures of the Bulgarian government.

The country recently has seen a significant rise in cybercrimes, with fraud such as ATM skimming, computer hacking and ransomware-related incidents becoming more common, according to news reports.

Bulgarian criminals play a significant role in ATM and credit card skimming-related fraud across the world, according to a report by the U.S. State Department's Overseas Security Advisory Council.

About the Author

Akshaya Asokan

Senior Correspondent, ISMG

Asokan is a U.K.-based senior correspondent for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.