Bulgaria’s National Revenue Agency (NRA) has fallen victim to a massive cyberattack. The attackers have compromised around 110 databases containing nearly 21 GB of personal data.
The incident came to light after attackers emailed the stolen data in parts to different local news publications, ZDNet reported. The NRA has admitted to the hack and said that it is working with the Ministry of the Interior and the State Agency for National Security (SANS) to investigate the matter. "We are currently verifying whether the data is real," said the NRA.
What data is involved?
According to reports from local media that received part of the stolen data, it has been found that the attackers have stolen personal data of over 5 million Bulgarians. This data was compromised after the attackers had gained access to 110 databases from NRA’s network.
Currently, the attackers have shared data from 57 databases which is just 11 GB of total 21 GB data.
The leaked information contained personal identification numbers (PINs), names, home addresses and financial earnings of Bulgarians. Most of the information available in the databases dated back as far as 2007.
Apart from the personal information, the leaky databases also contained data that appear to have been imported into NRA systems from other government agencies.
It is believed that the databases also contained information related to the Department of Civil Registration and Administrative Services (GRAO), National Health Insurance Fund (NZOK), Bulgarian Employment Agency (AZ) and Bulgarian Excise Centralized Information System (BECIS).
It is still unclear as to how the attackers gained access to NRA’s networks. But as some of the files contain new entries even from June, it is believed that breakthrough was made soon.