Security & Fraud

Bulgaria Tax Agency To Appeal $3M Fine For Data Breach


The National Revenue Agency (NRA) in Bulgaria was fined 5.1 million levs ($2.9 million) by the country’s data-protection agency over a data breach that compromised the personal information of almost every adult in the country.

Reuters is reporting that the tax agency said it was going to appeal the decision. It’s also considering taking legal action against hackers who got into the system, in an attempt to make them responsible for the fine.

The owner of a cybersecurity company and two of his employees were charged by prosecutors for the breach. They deny that they did anything wrong.

A maximum fine of 20 million euros could have been levied against the tax agency, but Ventisalav Karadzho, the head of the Commission for Personal Data Protection, said the fine was more to make sure proper data procedures are followed in the future, rather than a punishment. 

The NRA said that it had data-protection measures in place when the data theft happened. Two senior IT specialists were fired, and no public report has been released in terms of the agency’s security systems.

Leaders in the country say that public institutions don’t spend enough on cybersecurity, and analysts who studied the attack say it was fairly basic.

The hack happened at the end of June, and Finance Minister Vladislav Goranov said although the breach affected millions of people, it was not classified information and would not endanger the financial stability of the country.

Goranov was called to parliament to give an explanation of the breach, and he said that he was sorry “to all Bulgarian citizens who have been made vulnerable.”

He also said the hacked data wasn’t detailed enough to offer “substantive conclusions” about anyone’s financial information and that if someone tried to take advantage of the data they “would fall under the impact of Bulgarian law.” 



Banks, corporates and even regulators now recognize the imperative to modernize — not just digitize —the infrastructures and workflows that move money and data between businesses domestically and cross-border. Together with Visa, PYMNTS invites you to a month-long series of livestreamed programs on these issues as they reshape B2B payments. Masters of modernization share insights and answer questions during a mix of intimate fireside chats and vibrant virtual roundtables.