[BreachExchange] In systemic breach, hackers steal millions of Bulgarians' financial data

Destry Winant destry at riskbasedsecurity.com
Wed Jul 17 08:29:54 EDT 2019


https://www.reuters.com/article/us-bulgaria-cybersecurity/in-systemic-breach-hackers-steal-millions-of-bulgarians-financial-data-idUSKCN1UB0MA

Bulgaria’s finance minister apologized to the country on Tuesday after
admitting hackers had stolen millions of taxpayers’ financial data in
an attack that one researcher said may have compromised nearly every
adult’s personal records.

The breach of servers at the tax agency (NRA) happened at the end of
June and an official there said it was probably carried out from
abroad. A person claiming to be a Russian hacker emailed local media
on Monday offering access to the stolen data.

The reason for the attack was not immediately clear.

But the email’s author, who described the government as corrupt, said
hackers had compromised more than 110 databases, including “critically
confidential” information from key administrations, some of which was
being offered to journalists.

Finance Minister Vladislav Goranov said about 3% of the agency’s
database was affected, involving millions of records in the nation of
seven million, though the leaked information was not classified and
did not endanger financial stability.

Summoned to parliament for an explanation, he apologized “to all
Bulgarian citizens who have been made vulnerable”.

He said anyone who attempted to exploit the data “would fall under the
impact of Bulgarian law”, and initial analysis of the information that
had become public showed it was not enough to draw “substantive
conclusions” about any citizen’s financial situation.

There was no immediate comment from authorities in Moscow, which have
consistently denied accusations from foreign governments of Russian
involvement in a spate of cyber attacks against mostly western
interests.

UNPRECEDENTED

Cyber security researcher Vesselin Bontchev, assistant professor at
the Bulgarian Academy of Sciences, said the scale of the hack was
huge.

“To the best of my knowledge, this is the first publicly known major
data breach in Bulgaria,” he said. “It is safe to say that the
personal data of practically the whole Bulgarian adult population has
been compromised.”

The purported hacker’s email, seen by Reuters and sent from a Russian
email address, said more than 5 million Bulgarian and foreign citizens
as well as companies were affected.

Local media speculation about motives for the attack focused on a wish
to highlight the NRA’s failure to introduce robust security protocols
rather than any attempt to root out corruption. Atanas Chobanov, a
journalist for local anti-graft website Bivol, called the hack “a bomb
that is dangerous” to many different types of people.

According to anti-graft group Transparency International, Bulgaria is
the most corrupt state in the European Union.

The country’s leading business organization, BIA, said it had warned
the government of possible flaws in its data protection systems a year
ago.

Officials said it was possible the hackers had gained access to an NRA
database by exploiting a weakness in its system for filing tax returns
from abroad.

Bulgarian newspaper 24 Chasa said one emailed file had more than 1.1
million personal identification numbers with income, social security
and healthcare figures. Other media reports said the records dated
back to 2007.

The prime minister convened the national security council, Interior
Minister Mladen Marinov said. On top of a local investigation,
Bulgaria planned to seek help from the EU cybersecurity agency to
audit its most sensitive systems.

