Bulgaria’s National Revenue Agency hacked to steal over five million people's data

• The attackers have compromised around 110 databases containing nearly 21 GB of personal data.
• Currently, the attackers have shared the data from 57 databases which is just 11 GB of the total 21 GB data.

Bulgaria’s National Revenue Agency (NRA) has fallen victim to a massive cyberattack. The attackers have compromised around 110 databases containing nearly 21 GB of personal data.

The incident came to light after attackers emailed the stolen data in parts to different local news publications, ZDNet reported. The NRA has admitted to the hack and said that it is working with the Ministry of the Interior and the State Agency for National Security (SANS) to investigate the matter. "We are currently verifying whether the data is real," said the NRA.

What data is involved?

According to reports from local media that received part of the stolen data, it has been found that the attackers have stolen personal data of over 5 million Bulgarians. This data was compromised after the attackers had gained access to 110 databases from NRA’s network.

Currently, the attackers have shared data from 57 databases which is just 11 GB of total 21 GB data.

The leaked information contained personal identification numbers (PINs), names, home addresses and financial earnings of Bulgarians. Most of the information available in the databases dated back as far as 2007.

Worth noting

Apart from the personal information, the leaky databases also contained data that appear to have been imported into NRA systems from other government agencies.

It is believed that the databases also contained information related to the Department of Civil Registration and Administrative Services (GRAO), National Health Insurance Fund (NZOK), Bulgarian Employment Agency (AZ) and Bulgarian Excise Centralized Information System (BECIS).

Bottom line

It is still unclear as to how the attackers gained access to NRA’s networks. But as some of the files contain new entries even from June, it is believed that breakthrough was made soon.