NRA data leak investigatedEuropost , Sofia
The information sent to Bulgarian media by a Russian domain definitely tallies with the information available on the servers of the National Revenue Agency (NRA), Interior Minister Mladen Marinov said. He noted that this confirms that unauthorised access to the NRA servers has taken place. Minister Marinov spoke at a briefing after an extraordinary session of the Security Council with the Council of Ministers, which was summoned by PM Boyko Borissov after an alleged hacker attack against the NRA on Monday.
A number of Bulgarian media outlets received an e-mail from an anonymous group of hackers on Monday with a link to databases, allegedly containing the personal information of millions of Bulgarian citizens and companies, accessed from the NRA's servers. The anonymous group of hackers called the Bulgarian government “retarded” and its cybersecurity “a parody”. The e-mail's body ends with a quote attributed to the Anonymous and a call to free Julian Assange.
Finance Minister Vladislav Goranov pointed out that about 3% of the NRA's database can be considered affected. In his words, not only personal data was leaked, but also tax and social security information. “Evaluations and analyses show that the tax and social security information that was leaked and is being spread, is insufficient for drawing an overall conclusion about the property or financial status of a given individual,” Goranov added.
Commenting on the accident with the NRA's information security, NRA Spokesperson Rossen Buchvarov said at a press conference that the Agency's database was hacked because of the vulnerability of one of the online services that the NRA provides, that is, for refunds of VAT paid abroad. “As of this moment, this vulnerability has been eliminated, the possibility of abusing the data is limited, and the service has been temporarily suspended. It will remain so until the NRA's information security has been restored,” Buchvarov explained.