The finance minister in Bulgaria admitted that a hacker stole millions of people’s data, and that almost every taxpaying adult in the country was affected, according to a report by Reuters.
The minister also apologized to the country. The hack happened at the end of June at the country’s National Revenue Agency (NRA), which is Bulgaria’s tax agency.
Officials say the reason for the attack wasn’t clear right away, and that it probably came from outside of the country.
A person who claimed to be from Russia emailed media in Bulgaria on Monday (July 15) and said they would give access to the hacked information, which includes upwards of 1.1 personal identification numbers with income, as well as healthcare and social security information.
Finance Minister Vladislav Goranov said although the information affected millions of people, it was not classified info and would not endanger the financial stability of the country.
Goranov was called to parliament to give an explanation of the breach, and he said that he was sorry “to all Bulgarian citizens who have been made vulnerable.”
He also said the hacked data wasn’t detailed enough to offer “substantive conclusions” about anyone’s financial information and that if someone tried to take advantage of the data they “would fall under the impact of Bulgarian law.”
Cybersecurity researcher Vesselin Bontchev, assistant professor at the Bulgarian Academy of Sciences, said the hack was a huge one.
“To the best of my knowledge, this is the first publicly known major data breach in Bulgaria,” he said. “It is safe to say that the personal data of practically the whole Bulgarian adult population has been compromised.”
Media in the country focused on the hackers apparent wish to shine a light on the NRA and its supposed failure to put in security, rather than the potential that it was meant to show corruption.
One journalist called the breach “a bomb that is dangerous” to many different people in Bulgaria.
Anti-graft group Transparency International said that Bulgaria is the most corrupt state in the EU.