Bulgaria faces the largest data breach in its history after a hacker (or group of hackers) sent gigabytes of data of more than 70% of Bulgarian citizens to local media allegedly containing personal and identifiable information inside a downloadable database.
The database was allegedly extracted from the country’s National Revenue Agency (NRA), a department of the Bulgarian Ministry of Finance, and was said to have include 11 gigabytes of information of about five million out of the seven-million population in the small European country.
According to the local media who have received the email containing a downloadable CSV file that allegedly includes private information of people in Bulgaria, the contents in the database are hard to tell.
The hacker/s brag about stealing more than 110 databases from all over NRA’s with a total of 21 gigabytes of data in it. However, the threat actor/s only shared 57 databases to local media outlets, which comprise 11 gigabytes of allegedly private information with a promise to release more in the coming days.
Information that allegedly leaked by the hacker/s
The 57 databases leaked to local media include information such as names, personal identification numbers (PINs), home addresses, and financial earnings. While most of the database entries were old, dating back to 2007, newer entries were also discovered to be inside the leaked databases.
Aside from information that is generated through transactions with the NRA, some of the leaked data pools included information that the NRA has downloaded from other government agencies. One of the databases includes information extracted from the Department Civil Registration and Administrative Services (GRAO), a database that is described to be similar to “the Social Security Number (or similar) identification in other countries.”
“They are in CSV format and apparently are exported from databases – columns are named with code numbers or short explanations. Therefore, without decryption, there is no way to know what is behind them. However, there are indications of what’s inside. Folder names give some insight into the institution where their data and character come from. For example, there are the AZ (Employment Agency), BACIS (Bulgarian Excise Centralized Information System), NZOK (National Health Insurance Fund), AUAN, etc., as well as several NRAs or NAPs. There are folders that appear to contain tax returns for years up to 2007,” local news agency, Capital, reports.
The hacker contacted local media outlets through a Yandex.ru email address and included a variation of a quote from WikiLeaks founder Julian Assange. The quote roughly translates from Bulgarian to “Your government is stupid. Your cybersecurity is a parody.”
Nonetheless, it is still unclear what the motive of the hacker or the group of hackers is for leaking such magnitude of data.
Demand for Finance Minister Chief’s resignation
Following the reports of the data breach that possibly affected more than 70% of the Bulgarian population, a statement was released by the NRA on Monday saying that they are investigating the matter.
“The NRA and the specialized bodies of the Ministry of the Interior and the State Agency for National Security (SANS) check the potential vulnerability of the National Revenue Agency’s computer system,” said NRA in a statement posted on their website.
While the NRA confirms that there were databases that were leaked, they did not, however, confirm if the data included in the leaked CSV file are real and actual data from their own database.
“We are currently verifying whether the data is real,” the NRA added.
The political chaos created by the data breach has had political opposition to demand accountability from the NRA. Rightly after the news broke out in Bulgaria, many opposition politicians have called for the resignation of Finance Minister Vladislav Goranov.
“[Translated] The job of the Minister of Finance is not just to be an accountant of the state but to prioritize sectors where there is an urgent need for important reforms. Mr. Goranov does not do not only so, but also actively blocks a number of such reforms, including e-government and cybersecurity and we believe that it is time for Minister Goranov to bear political responsibility and to resign because of the risks his subordinate structures have left for thousands of citizens and their businesses to be exposed to [missing text],” said in a media position of Democratic Bulgaria, the political opposition in the country.