The Bulgarian attack impacted almost all tax information for the entire country.
A pair of notable hacks on government targets have come to light: One, an attack affecting nearly the entire country of Bulgaria; and two, a hack of Russia’s main security agency (FSB) that represents the largest data heist ever experienced there.
In Bulgaria, cybercriminals were able to infiltrate the country’s tax revenue office, lifting personal data of 5 million Bulgarians. Bulgaria has just 7 million people, meaning that almost every adult is impacted. The compromised information includes retirement pension information, addresses, incomes and names, all of which was made available on the internet, according to reports.
A National Revenue Agency spokesman offered few details on the attack, though the hack is believed to have happened in June. The Bulgarian Commission for Personal Data Protection said it has launched an investigation into the hack.
“As there is undergoing investigation, we couldn’t provide more details about reasons behind the hack,” agency Communications Director Rossen Bachvarov told CNN.
Meanwhile, Kristian Boykov, a 20-year-old Bulgarian cybersecurity worker, was arrested in the Bulgarian capital of Sofia last week in connection to the breach, according to NPR. A police raid saw the seizure of computers and mobile devices with encrypted information. At first, Boykov was charged with a hack against critical infrastructure, with a maximum sentence of eight years in jail. However, the charges were dropped and replaced with the charge of crime against information systems, which carries a maximum jail sentence of three years.
The breach wasn’t uncovered until an email from a Russian email address was sent to Bulgarian news outlets last week claiming responsibility for the attack, and mocking Bulgaria’s security as weak. It’s unclear if regulators will find lax security to be the issue, but under the European Union’s GDPR data privacy regulation, the Bulgarian government could face a fine of up to $22.4 million, according to NPR.
More: https://threatpost.com/government-hacks-russia-bulgaria/146587/Russia, Bulgaria