Last month, Bulgaria’s National Revenue Agency (NRA) suffered a massive data breach. The breach is reported to have exposed the information of up to 5 million Bulgarian citizens — over 70% of the entire population. The exposed information is thought to include victims’ names, addresses, and income, as well as PIN and social security information. According to the New York Times, this information could be worth up to $200 million.

A Laissez-Faire To Remember

While the investigation into the attack is still ongoing and a suspect is in custody, many are blaming the Bulgarian government’s lackluster approach to cyber security. Initial reports indicate the attack was likely a result of weaknesses in the NRA’s system for filing tax returns from abroad. More damning is a report from Reuters stating that the Bulgarian Industrial Association warned the government of flaws in its systems over a year ago.

In the anonymous email sent to news outlets, even the self-proclaimed hacker wrote, “Your government is slow to develop, your state of cybersecurity is a parody.” 

The Bulgarian Personal Data Protection Commission (PDPC), the country’s GDPR supervisory board, has said the NRA could face fines up to €20m ($22.43 million), the maximum allowed under EU regulations.  

This breach is just another reminder to governments and businesses alike that cyber-attacks are a viable threat and must be treated accordingly. With the number of data breaches increasing and privacy regulations on the rise, there is no longer any excuse for not taking steps to protect against such attacks.