Bulgarian Authorities Arrest Suspect in Massive Data Breach20-Year-Old Charged as Investigation Continues
Bulgaria's national cybercrime unit has arrested a 20-year-old local man for his alleged role in breaching the country's tax servers and exposing the financial details and other personal data of nearly 5 million citizens, according to news media reports.
The suspect is described in local news reports as a "white hat" hacker.
The Sofia City Prosecutor's Office, which is handling the case, charged the man with "having unlawfully copied computer data from a [National Revenue Agency] server," according to a statement. In Bulgaria, that charge is punishable by up to eight years in prison. Prosecutors also noted that the suspect works for a security testing company, but the company was not involved in the data breach, according to the statement.
It's not clear if police and prosecutors believe the man worked alone or was involved with other hackers, but the BBC noted that the investigation is continuing.
Bulgarian authorities are investigating whether the tax agency did not do enough to protect its data. The agency could face a possible 20 million ($22.4 million) fine if it’s security measures were inadequate, according to the BBC.
In late June, a hacker stole about 11 GB of data from the National Revenue Agency's 110 databases, which contains names, personal identification numbers, home addresses, and financial earnings of nearly 5 million Bulgarian citizens, according to news reports. The country has a population of about 7 million. The hacker appears to have exploited a number of unspecified weaknesses in these databases, some of which date back to 2007, according to news reports.
Apparently, the NRA system was well-protected when it was created in 2012 (yeah, right) - but it was modified in 2015 and this is when the vulnerability was introduced.— Vess (@VessOnSecurity) July 17, 2019
The vulnerability was in a service for VAT refund.
While the breach happened sometime in June, the incident came to the public's attention on Monday, when someone identifying themselves as a Russian hacker emailed to several media outlets files purported to contain stolen data, Reuters reports.
According to local newspaper 24 Chasa, investigators confiscated from the suspect two laptops and another PC that contained stolen data.
Yavor Kolev, the head of the cybercrime division of the General Directorate for Combating Organized Crime, which is part of Bulgaria's Interior Ministry, told the newspaper: "We are almost certain that we have identified a suspect who has been involved in the attack, and all the evidence shows the person is involved in the attack."
In the email to the news media, the individual claiming to be the hacker mentions that the motive behind the attack is to highlight the poor cybersecurity measures of the Bulgarian government.
The country recently has seen a significant rise in cybercrimes, with fraud such as ATM skimming, computer hacking and ransomware-related incidents becoming more common, according to news reports.
Bulgarian criminals play a significant role in ATM and credit card skimming-related fraud across the world, according to a report by the U.S. State Department's Overseas Security Advisory Council.