How difficult it's to steal tax documents of an entire nation? Physically impossible, but these threat actors made it possible as they hacked Bulgaria's tax revenue office and made the entire data public after stealing records of more than five million people. Police arrested a security researcher for his alleged connection.
It should be noted that the country's population is seven million and the scale of this hacking showed that almost every individual's information is now affected. An additional 1.38 million dead people have had their data leaked too. Experts believe that this attack is notorious, if not unique.
Bulgarian activist and blogger, Asen Genov is one of those affected people as he realised that his data has been compromised after seeing them available online.
He told CNN, "We should all be angry. ... The information is now freely available to anyone. Many, many people in Bulgaria already have this file, and I believe that it's not only in Bulgaria."
The cybersecurity experts said the government database is like a gold mine for hackers as it contains huge amount of information that the cybercriminals can use in future too.
Guy Bunker, an information security expert and the chief technology officer at a cybersecurity company called Clearswift said, "You can make (your password) longer and more sophisticated," but there is some information, the government has that will never change, such as date of birth, home address and other information.
This humongous data theft was confirmed by Finance Minister Vladislav Goranov, who apologised to those Bulgarian people, who have been made vulnerable.
Bulgarian police arrested a 20-year-old man for his suspected involvement in the hack against the National Revenue Agency (NRA).
The major suspect of this case Kristiyan Boykov has been working since 2017 for a security firm, TAD GROUP, which describes itself as having "extensive experience in conducting penetration tests and security assessments."
Police clarified that they don't believe TAD GROUP has any connection with this NRA data breach. But, they seized computer equipment, drives, and mobile phones at its offices in Sofia, as well as at Boykov's home.
However, Vesselin Bontchev, Bulgarian anti-virus expert shared a screenshot of what claims to be a message sent to local media by NRA hackers.
On Monday, July 22 another Tweet case which stated that these hacked data has been sold in DeepWeb environments and the hacks are in Romania according to Europol.
Another Tweet from "Blogger Book Reviews" mentioned that the man, who was arrested, is now set free and given lesser charges.