Security & Fraud

Bulgaria Tax Agency To Appeal $3M Fine For Data Breach


The National Revenue Agency (NRA) in Bulgaria was fined 5.1 million levs ($2.9 million) by the country’s data-protection agency over a data breach that compromised the personal information of almost every adult in the country.

Reuters is reporting that the tax agency said it was going to appeal the decision. It’s also considering taking legal action against hackers who got into the system, in an attempt to make them responsible for the fine.

The owner of a cybersecurity company and two of his employees were charged by prosecutors for the breach. They deny that they did anything wrong.

A maximum fine of 20 million euros could have been levied against the tax agency, but Ventisalav Karadzho, the head of the Commission for Personal Data Protection, said the fine was more to make sure proper data procedures are followed in the future, rather than a punishment. 

The NRA said that it had data-protection measures in place when the data theft happened. Two senior IT specialists were fired, and no public report has been released in terms of the agency’s security systems.

Leaders in the country say that public institutions don’t spend enough on cybersecurity, and analysts who studied the attack say it was fairly basic.

The hack happened at the end of June, and Finance Minister Vladislav Goranov said although the breach affected millions of people, it was not classified information and would not endanger the financial stability of the country.

Goranov was called to parliament to give an explanation of the breach, and he said that he was sorry “to all Bulgarian citizens who have been made vulnerable.”

He also said the hacked data wasn’t detailed enough to offer “substantive conclusions” about anyone’s financial information and that if someone tried to take advantage of the data they “would fall under the impact of Bulgarian law.” 



The pressure on banks to modernize their payments capabilities to support initiatives such as ISO 20022 and instant/real time payments has been exacerbated by the emergence of COVID-19 and the compelling need to quickly scale operations due to the rapid growth of contactless payments, and subsequent increase in digitization. Given this new normal, the need for agility and optimization across the payments processing value chain is imperative.