Hackers in Bulgaria stole 21 GB of users' data: 11 GB shared with local media

Millions of Bulgarians affected: hackers stole their private data and emailed its download links to local media

Hacker group has stolen personal data of Bulgarians and even emailed download links to local media.

The group of hackers stole the data from at least 5 million Bulgarians and shared download links to those details with local media.^[1] It appears that download links to personal and financial data, including data belonging to the Ministry of Finance of Bulgaria, got emailed to certain local media. In the short message posted on Monday, the 15th, Country's National Revenue Agency (NRA), a department of the Bulgarian Ministry of Finance, admitted the incident but has also stated that this data breach still needs to be verified.^[2]

Various reports from local Bulgarian media representatives who were sent emails from hackers have stated that these people stole information from more than 110 databases. In total, hackers leaked data from around 57 NRA's network databases.^[3] It is believed that criminals compromised more than 21 BG of data and more than half of it – 11BG – got shared with the news. According to them, they promised to release the rest portion of data in the next few days. The bigger part of the information from those databases includes details dating back as far as 2007, but newer databases also got affected.

21 GB of stolen data includes names, addresses, and financial earnings

Personal details obtained by the hacker group includes names, personal identification numbers, home addresses, financial information, and NRA-related information. Unfortunately, other details from government agencies were also imported on the same NRA system. There have been allegations that the leaked data can contain details from the Department Civil Registration and Administrative Services, or, in other words, information about citizens' social security and identification numbers, taxes and import.

Local media who received those download links also stated that information revealed details belonging to the National Health Insurance Fund and the Bulgarian Employment agency. There is no information about the particular hacker group or a person who could be responsible for this cyber attack, but a few facts about this incident have raised some questions about Russian hacker group involvement:

• The links were sent from the Yandex.ru email address.
• Various quotes from WikiLeaks founder Julian Assange were included in the email, like “Your government is stupid. The state of your cybersecurity is a parody.”

Data sent from a Russian-based email: government questions the relation with the recent military purchase

The government of Bulgaria has already provided an idea that the hack could be related to the government's purchase of the new jets from the United States. The biggest military purchase of F-16 fighter jets for $1,256 billion might be the motivation for the Russain hacker group, as Mladen Marinov, Interior Minister has guessed.^[4] Bulgarian politics from Democratic party already suggested the resignation of Finance Minister Vladislav Goranov.

The similar incident regarding data security was reported last month. Bulgarian IT specialist was arrested for releasing particular security details on his Facebook video. The information revealed on social media included a link to the malicious exploit kit and description on vulnerability exploitation in a state-managed kindergarten web portal.^[5]