Last week, Bulgaria’s tax agency suffered a massive data breach. Possibly, the largest in Bulgarian history. This breach leaked the personal data of over 5 million Bulgarians. That’s over 72 percent of the entire Bulgarian population. The personal data includes names, social security information, addresses, and incomes.
Under the Radar
What is most disturbing however, is that it went undetected for about a month. According to this article, the initial attack happened in June. (June! August is less than 2 weeks away. ) It wasn’t until Bulgarian news outlets received an email from a Russian email address taking responsibility for the breach, that the attack became known. No one is 100 percent protected from a breach, as hackers are always evolving. However, for a breach to go unnoticed for a month is very scary. Bulgarian officials should be implementing in-depth security measures and security training for government officials ASAP. Especially because this is the nation’s second attack in under a year. Bulgarian’s commercial registry was successfully breached in 2018.
Cyber security experts note the attack wasn’t complex. The breach was simply a result of poor preparation from the Bulgarian government. Truthfully, security Measures should’ve been heightened, especially after last year’s attack. If the government had taken the appropriate precautions, this data breach could’ve been avoided. Many Bulgarians like political analyst, Asen Genov aren’t pleased by their government’s carelessness. Genov said in a statement, “that Bulgarian politicians, those who are in charge of the country, they knew quite well about the serious cyber security problems in the governments’ infrastructure and they didn’t do anything about it
When it Rains, it Pours
Amidst all the security drama, Bulgaria’s tax agency is facing a fine from the European Union. Last year, the EU implemented a data protection law that fines companies and government agencies for mis-management of data. The agency could potentially pay up to 22.4 million dollars in fines. A tragic and ironic state of events for a government tax agency.
Chime in!
Do you think, the Bulgarian government understands the importance of cyber security? Is a fine from the EU enough? What other measures should be implemented to reduce the chance of another breach happening? Share your thoughts below.