Bulgaria has suffered it’s biggest data leak yet. The victim – the National Revenue Agency.
The breach revealed the data of 5 million citizens (out of the 7 million total population of the country), which included names, personal identification numbers, addresses and income data dating back to 2007. This was revealed to local media in an email from the hackers that included a download link on July 15.
Besides NRA-specific information, there is also other info which appears to have been imported into NRA systems from other government agencies. The leaked data also contained information from Department Civil Registration and Administrative Services. In addition, there was also some information that local media deemed to have belonged to the National Health Insurance Fund, although they have not detailed the precise nature of the information, and data from the Bulgarian Employment Agency.
What’s troubling though is that apparently, this leak contains only 57 out of a total of 110 compromised databases and is still unclear what that information consists of or if the hackers are going to reveal it to the public.
“There are more than 5 million Bulgarian and international citizens, as well as companies, affected in the breach,” the hackers said.
They further added the full leak contains about 21GB of data; by comparison, the files leaked so far amount to a little under 11GB.
“Your government is mentally retarded. The state of your cyber-security is a parody.” they further say in their email, concluded by a quote by Wikileaks’ Julian Assange.
By some estimates, the agency could be fined EUR 20 million for the breach, though no official statements have been made and the situation is still under investigation.