How Bulgaria got hacked
Data of almost every adult in the Balkan nation has been stolen in tax agency breach

The government of Bulgaria has revealed that a major data breach of servers at its national tax agency may have affected more than five million people - in a country with a total population of just 7.1 million.
Hackers are understood to have targeted Bulgaria’s National Revenue Agency (NRA) in an attack at the end of June that “may have continued for some time”, The New York Times reports.
According to tech new site The Next Web, the stolen information includes card details, Pin numbers, addresses and even income data.
Subscribe to The Week
Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.

Sign up for The Week's Free Newsletters
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
The breach was kept secret until this week, when a number of Bulgarian news agencies received an email claiming responsibility for the massive breach.
The author of the email, who claims to be a Russian hacker, offered media outlets access to the stolen data but did reveal the motive for the attack. Describing the Bulgarian government as corrupt, the email said the breach had “compromised more than 110 databases”, including “critically confidential” information, Reuters reports.
Finance Minister Vladislav Goranov disputed the claims, insisting that the leaked information was not classified and did not endanger financial stability. Nevertheless, he apologised to the nation and stressed that anyone found trying to exploit the data “would fall under the impact of Bulgarian law”.
On Tuesday, Bulgarian authorities arrested a 20-year-old national on suspicion of involvement in the attack. He was identified by his lawyer as Kristiyan Boikov, an employee of US cybersecurity company TAD Group, which has office in the Bulgarian capital, Sofia.
Speaking at a government meeting on Wednesday, Prime Minister Boyko Borissov described Boikov as a “wizard”, The Guardian reports. The cybersecurity worker also made national news in 2017, after “exposing flaws in the Bulgarian education ministry’s website”, the newspaper adds.
Cybersecurity researcher Vesselin Bontchev, an assistant professor at Sofia’s Bulgarian Academy of Sciences, told Reuters it was “safe to say that the personal data of practically the whole Bulgarian adult population has been compromised” in the latest attack.
He noted that as “the first publicly known major data breach in Bulgaria”, the attack is likely to fuel debate over the country’s apparently lax cybersecurity infrastructure.
“The reason for the success of the attack does not seem to be the sophistication of the hacker, but rather poor security practices at the NRA,” said Bozhidar Bozhanov, chief executive at cybersecurity firm LogSentinel.
The Inquirer agrees that the breach “may have been down to vulnerabilities in the agency’s online tax filing system and generally poor cybersecurity practices”, and adds that such problems tend to be “a bit of a theme in governments who tend to end up with large and complex legacy systems”.
In cybersecurity terms, a legacy system can be defined as any system that is old enough to increase the vulnerability of the user to current technological threats. These systems may remain in place to avoid upgrade costs, because certain applications rely on the older version to function, or simply as a result of misplaced complacency.
The NRA is now facing a fine of up to €20m ($22.43m) over the hack under the European Union’s GDPR regulations, which came into effect in 2018. Under the new data protection law, the NRA could be fined up to 4% of its annual turnover.
And as Al Jazeera reports, this is no bluff. Earlier this month, British Airways was hit with a £183m fine - equivalent to 1.5% of the airline’s turnover - over a hack that led to the personal details of 500 million customers being compromised.
Sign up for Today's Best Articles in your inbox
A free daily email with the biggest news stories of the day – and the best features from TheWeek.com
-
Protein obsession is oversaturating the health food space
Under the Radar Some experts say that fiber is now the most important macro to focus on
By Justin Klawans, The Week US
-
RFK Jr.'s focus on autism draws the ire of researchers
In the Spotlight Many of Kennedy's assertions have been condemned by experts and advocates
By Theara Coleman, The Week US
-
Codeword: April 23, 2025
The Week's daily codeword puzzle
By The Week Staff
-
Why Russia removed the Taliban's terrorist designation
The Explainer Russia had designated the Taliban as a terrorist group over 20 years ago
By Justin Klawans, The Week US
-
Inside the Israel-Turkey geopolitical dance across Syria
THE EXPLAINER As Syria struggles in the wake of the Assad regime's collapse, its neighbors are carefully coordinating to avoid potential military confrontations
By Rafi Schwartz, The Week US
-
'Like a sound from hell': Serbia and sonic weapons
The Explainer Half a million people sign petition alleging Serbian police used an illegal 'sound cannon' to disrupt anti-government protests
By Abby Wilson
-
The arrest of the Philippines' former president leaves the country's drug war in disarray
In the Spotlight Rodrigo Duterte was arrested by the ICC earlier this month
By Justin Klawans, The Week US
-
Ukrainian election: who could replace Zelenskyy?
The Explainer Donald Trump's 'dictator' jibe raises pressure on Ukraine to the polls while the country is under martial law
By Sorcha Bradley, The Week UK
-
Why Serbian protesters set off smoke bombs in parliament
THE EXPLAINER Ongoing anti-corruption protests erupted into full view this week as Serbian protesters threw the country's legislature into chaos
By Rafi Schwartz, The Week US
-
Who is the Hat Man? 'Shadow people' and sleep paralysis
In Depth 'Sleep demons' have plagued our dreams throughout the centuries, but the explanation could be medical
By The Week Staff
-
Why Assad fell so fast
The Explainer The newly liberated Syria is in an incredibly precarious position, but it's too soon to succumb to defeatist gloom
By The Week UK