Hackers target Bulgaria’s revenue agency, accessing millions of financial records

Hackers target Bulgaria’s revenue agency, accessing millions of financial records
By Denitsa Koseva in Sofia July 16, 2019

Hackers have attacked the data of Bulgaria’s National Revenue Agency (NAP), getting access to the personal and financial data of millions of Bulgarians and leaking it to several Bulgarian media from a Russian email address.

According to NAP, the released data is authentic and represents 3% of its data, including millions of records sorted in 57 folders in the biggest ever leak of data in Bulgaria. Most likely, the attack was carried out via the system for VAT refunds.

The hackers accessed the system of Bulgaria’s tax agency, revealing tax declarations, personal identification numbers, names, addresses, income and other information kept by NAP.

Finance Minister Vladislav Goranov said, as quoted by Capital news outlet, that the revealed data was not enough to allow anyone to make a full property or financial analysis of any person.

According to Interior Minister Mladen Marinov this is the first successful hacker attack. It was carried out a month ago and the Bulgarian authorities are linking it to other information they have gathered, Marinov said but declined to elaborate.

He also suggested the attack was most likely related to Bulgaria’s decision to buy F-16 fighter jets from the US. However, Goranov assessed such connection as not very likely, news outlet Dnevnik reported.

Following the attack, Bulgaria’s Prime Minister Boyko Borissov summoned the security council. Meanwhile, the authorities are checking all state institutions for possible leaks and will ask for assistance from the EU cyber security agency to fully audit the most sensitive systems.

Although state authorities reacted quickly to the leak and claim personal security is intact, many have questioned this on social media and are demanding the resignations of those who allowed the breach. The Bulgarian Chamber of Commerce said it is considering filing a lawsuit against the state because of the breach, and claimed it has been warning about insufficient security for years.

Goranov apologised to all who have been affected and, so far, no resignation was filed. Meanwhile, opinions of local developers vary from those claiming that the state administration failed to secure the data properly, to those saying that such attacks happen regularly in other countries.

The hacker emailed several media on July 16, threatening to reveal more data unless the government tells the truth, Mediapool reported. The hacker claims to be a Russian citizen married to a Bulgarian woman.

“The parents of my wife live in Bulgaria and I have seen with my own eyes how poor the state of your country is,” the hacker writes.

He also claims the leak has been happening for 11 years now.

“Unless your corrupted government reveals the vulnerable system, you will be able to see this information on Web Archive (Internet Wayback Machine),” the hacker writes.

He also claimed that data was hacked back in 2012 as well, but that nobody found out at the time that 30 GB of information had been accessed.

The hacker threatened to upload 21GB of data on Russian and Bulgarian torrent trackers if Bulgarian security services fail to reveal the truth. This has led to a joke on social media that the new web address of NAP is nap.ru.