Bulgaria’s tax agency was recently hit by a massive cyberattack in which the data of millions of the country’s citizens was stolen, compromising the data of most adults in the country. As of now, the authorities have arrested a 20-year-old suspect.
“It is safe to say that the personal data of practically the whole Bulgarian adult population has been compromised,” said Vesselin Bontchev, a Bulgarian cyber-security researcher and assistant professor at the Bulgarian Academy of Sciences.
Although the attack is believed to have occurred in the previous month, the authorities received an email about it only on Monday. It is believed that names, addresses and even a few personal details were compromised during the cyberattack.
The email, which described the attack, is said to have contained an offer of access to the stolen data and stated that the trove contained details of more than five million people and businesses.
Bulgarian police say they have arrested a man and charged him in connection with the incident. The suspect is known to be a researcher who primarily did vulnerability testing on computer networks to prevent cyberattacks. Yavor Kolev, the head of the cybersecurity unit, said that investigators have yet to conclude whether he is the only one involved or whether more individuals are connected with the attack.
A representative of the Commission for Personal Data Protection said that the tax agency is slapped with a 20 million euro fine. Bulgarian finance minister Vladislav Goranov apologized in parliament and said that anyone attempting to exploit the data would “fall under the impact of Bulgarian law.”
While the country’s prime minister lauded the attacker as a genius and implied that the country should hire similar “unique brains,” cybersecurity experts say that the attack was pretty basic and reflects more on the country’s poor cybersecurity measures.
“The reason for the success of the attack does not seem to be the sophistication of the hacker, but rather poor security practices at the NRA,” said the chief executive of the cybersecurity firm LogSentinel.