Podcast in English
Text size
Bulgarian National Radio © 2024 All Rights Reserved

How broken is cybersecurity in Bulgaria: the hack attack against the National Revenue Agency

Photo: dnevnik.bg

On 15 July, media and public institutions in Bulgaria found out, from a website based abroad, that there had been a hack attack against the database of the National Revenue Agency (NRA) without anyone knowing anything about it. On the following day, an anonymous male, presenting himself as Russian married to a Bulgarian wife, said for a TV station that he was behind the attack but an agency spokesperson denied it. A source at the General Directorate for Combating Organized Crime told the Bulgarian National Radio that an employee of a Bulgarian cybersecurity company had been detained for the hacker attack. 

The authorities are not disclosing any details under the pretext that the investigation is still at the beginning though their actions indicate they are very concerned about the state of cybersecurity in Bulgaria.

And with good reason:

In August 2018, the commercial register in Bulgaria came down. In 2015, slap in the middle of the local elections, the websites of the Interior Ministry, the Central Electoral Commission and several other institutions were hacked. These incidents may be different yet they raise one question – is the state providing sufficient protection to its institutions, registers and e-services? A question the state is asking itself too, if yesterday’s statement by Interior Minister Mladen Marinov is anything to go by. As he put it the latest attack against the NRA should be a red flag for all major administrative systems in the country. On his part, Finance Minister Vladislav Goranov said in parliament that the information in the NRA’s database was protected but apologized to the people affected by the hacking attack. In the words of the interior minister files have been hacked containing data about hundreds of thousands of Bulgarian citizens, their names, national identification numbers, as well as the names of Bulgarian companies with their unique identifiers. Prime Minister Boyko Borissov even convened the Council of Ministers’ Security Council over the hack attack. The Security Council makes operating decisions that are mandatory. 

That the powers-that-be are worried is evident from other steps the government has taken. Bulgaria asked for help from the European Commission and from the EU Agency for Cybersecurity. European Commissioner for Digital Economy and Society Mariya Gabriel has been made aware of the details of the incident. The government is expecting full cooperation, in the coming days, from the European Union Agency for Network and Information Security, based in Greece.

Reactions by experts have varied widely. One of them, who found his own name in the leaked personal data base, described the NRA hack as “IT Chernobyl”. Others tend to agree with the Finance Ministry that “the data leaked are not all that valuable”. From the very beginning of the disclosures, there have been some who have warned, and it looks like they were right, that “in 90 percent of hacker attacks such as this one there is an insider”. One expert commented for the Bulgarian National Radio that hacker attacks like this one are an everyday occurrence in the world, and though this is the first attack with such a far-reaching effect on personal data in Bulgaria, ultimately this is a “standard situation”.

But since 2015 we have been witnessing a great many “standard situations”, and some of the reactions show a tendency of looking for the roots of the hack attacks against Bulgarian institutions in places outside the country, usually Russia. None of these accusations, since 2015, have ever been corroborated, and as to the latest attack on the NRA, the agency’s spokesperson Rosen Bachvarov stated that the people who had instigated it were Bulgarian. However at this point there is no proof that this is so either. If the authorities adduce evidence to this effect, then the people affected will be able to sue concrete perpetrators instead of the state, as some have already threatened to do.



Последвайте ни и в Google News Showcase, за да научите най-важното от деня!
Listen to the daily news from Bulgaria presented in "Bulgaria Today" podcast, available in Spotify.

More from category

Boryana Murgina: Bulgarian children in Sunday schools abroad also need the help of speech therapists

People are part of a society and it would be difficult to live without communication. Therefore, caring for a good communication with other people begins at an early age, when we learn to speak. Everything starts in the family but the..

published on 3/28/24 4:36 PM

At Sofia Airport before Bulgaria’s accession to Schengen by air and sea

On March 31, Bulgaria and Romania join the Schengen area by air and sea. Austria remains the last stumbling block stopping the two countries in their pursuit of full membership in the European area of free movement without border controls at internal..

published on 3/28/24 1:58 PM

Conference on cardiovascular health in the EU to be held in Sofia

The European Commission Representation in Sofia will today host a conference on "Cardiovascular Health in Europe: Challenges and Prospects".  The event will be attended by the outgoing Deputy Prime Minister and Minister of Foreign Affairs, Mariya..

published on 3/28/24 7:25 AM