The Bulgarian police have arrested the suspected hacker who allegedly stole the personal details of around 5 million Bulgarians and emailed download links of the stolen data to local media agencies. The police arrested the suspect on July 17,2019, and has launched an investigation to know the damage occurred due to the incident. “We have a suspect that has been detained,” the Bulgarian police said in a statement.*
It’s believed that the compromised data belonged to the country’s National Revenue Agency (NRA), a department of the Bulgarian Ministry of Finance. Boyko Borissov, the Bulgarian prime minister, called an emergency meeting after the cyber-attack, the Capital.bg reported.
Vladislav Goranov, the Finance Minister of Bulgaria, said the stolen data included names, personal data, personal identification numbers, addresses, and financial earnings of individuals and companies. Goranov stated their government has requested help from the European Union’s cybersecurity agency.
The hacker compromised around 10 databases from the NRA’s network, which totals to nearly 21 GB and shared 57 databases, comprising 11 GB of the aggregate data with local news outlets. The hacker, claimed as a Russian man, emailed local media using Yandex.ru email address.
The hacker also called for the release of WikiLeaks founder Julian Assange and mocked the Bulgarian government saying “Your government is stupid. Your cybersecurity is a parody.”
“The NRA and the specialized bodies of the Ministry of the Interior and the State Agency for National Security (SANS) check the potential vulnerability of the computer system of the National Revenue Agency. Earlier today, emails of certain media have been sent a link to download files allegedly belonging to the Ministry of Finance of Bulgaria. We are currently verifying whether the data is real. Further information will be provided later,” the NRA said in a statement.
*This story has been updated with the news of suspected hacker’s arrest.