The National Revenue Agency /NRA/ has reported on the work done so far in connection with the recent hacker attack against its database. Changing passwords and personal identification codes, which the Agency issues to citizens, has been recommended.

I apologize to all Bulgarian citizens who have been affected by the hacker attack. The cyber-attack was directed against the NRA, but all Bulgarian citizens whose personal data were publicly disclosed were affected by the crime, Galya Dimitrova, executive director of the National Revenue Agency said at the first press conference after her return from paid annual leave. We recall that in mid-July, a break was found in the revenue agency's system and data of millions of Bulgarian citizens leaked. One of the many questions raised by the lack of sufficient information was how such an attack happened and why it was successful. According to experts, whose opinion is shared by Dimitrova, the reason is the lack of a 100% secure system accessible to external users. Only internal insulated systems are considered completely secure. However, the system is open to users who use 138 electronic services and exchange with the revenue agency over 150,000 reports and documents. They function normally, although all NRA IT professionals are committed to resolving the crisis.

“Our mission is to be open and accessible to our clients so that they can easily declare and pay their taxes, but unfortunately there are also people with malicious criminal intent and actions. We underestimated the balance between accessibility and security of systems. However, I assure you that what happened will not demotivate us and we will continue to develop and provide better electronic services with the necessary degree of protection,” Dimitrova said. She said that an audit of all the Agency's information systems is currently underway, as well as a separate audit aimed at identifying whether there were staff members involved in the attack. The analysis, made with the help of the General Directorate Combating Organised Crime, SANS, and the State Agency for Electronic Management, has identified gaps in the work of the offices responsible for information systems and information security. This is the reason for the head of the revenue agency to ask for the resignations of the heads of both departments. It is also possible that an external company would be hired to improve the cyber security of the NRA, Dimitrova added. There is no need to change personal documents because of information leaked by the Agency. “What we recommend is a change of passwords and personal identification codes that NRA issues, as well as getting acquainted with the tips we have provided on our site, the NRA Executive Director said. The problem of leaked personal data calls into question the security of citizens and their properties. However, according to the general opinion of banks, credit institutions and leasing companies, citizens' property is protected and there is no danger to it. In the meantime, work continues on the e-service launched by the Revenue Agency, which would allow citizens to determine exactly what information about them leaked out. It will be accessed by a personal identification code or an electronic signature. However, the Agency could not fix an exact date when the service would be fully operation, as the process was too complicated. According to Dimitrova, over 73 million records have been processed so far and there were over 609,000 discrepancies found. They may be due to shifts or incompletely downloaded data. Data could have been manipulated by hackers, too. The number of citizens on the territory of the country who have checked whether their personal data leaked out is 937,620. About 665,000 out of them found their data leaked and 272,620 have not been affected. From the beginning of the week, Bulgarians living abroad can check the security of their personal data. They can call (+359/2) 9859 6801 and they would need to answer a variety of questions in order to be identified.

English: Alexander Markov