Police in Bulgaria have arrested a 20-year-old man after a hack against the Bulgarian tax authority, known as the National Revenue Agency (NRA), which saw data on every single adult living in Bulgaria stolen, and offered to the media.
Every adult living in Bulgaria? Yes, according to local media apparently practically every adult member of the Bulgarian population has had their name, address, and even personal income details stolen, through a vulnerability in a VAT refund system. Plus an additional 1.38 million dead people have had their data leaked too.
Finance Minister Vladislav Goranov confirmed the security breached, and apologised “to all Bulgarian citizens who have been made vulnerable” according to Reuters.
What will raise some eyebrows is that the man who has been arrested in connection with the hack is Kristiyan Boykov from the city of Plovdiv. Boykov has been working since 2017 for the security firm TAD GROUP, which describes itself as having “extensive experience in conducting penetration tests and security assessments.”
Boykov came to the attention of the penetration testing company two years ago, after he found vulnerabilities on a Ministry of Education and Science (MES) website which allowed him to access a database containing details of companies offering internships to students.
When the ministry failed to respond, Boykov went to popular Bulgarian TV show “Lords of the Air” with his findings.
Police say they do not believe that Boykov’s employer, TAD GROUP, is connected with the breach, but computer equipment, drives, and mobile phones were seized at its offices in ..
Support the originator by clicking the read the rest link below.
