BAD NEWS IF YOU'RE BULGARIAN; according to a local cybersecurity researcher, personal records belonging to every citizen in the nation have been compromised.
This all stems, reports Reuters, from a cyber attack made against the servers belonging to the country's National Revenue Agency which, according to local media, lead to personal data of between five and seven million Bulgarians being exposed.
"To the best of my knowledge, this is the first publicly known major data breach in Bulgaria," said cybersecurity researcher Vesselin Bontchev, assistant professor at the Bulgarian Academy of Sciences.
"It is safe to say that the personal data of practically the whole Bulgarian adult population has been compromised."
Police cybersecurity chief Yavor Kolev said Wednesday a 20-year-old Bulgarian employee of a cybersecurity company is suspected in the hacking.
However, the attack appears to have come courtesy of a hacker with a Russian email address who offered local media to the pilfered data. It remains unclear what motivated the attack, but the person claiming to be behind the hack said the Bulgarian government was corrupt, which would suggest this was a politically motivated attack.
Bulgaria's finance minister Vladislav Goranov had to apologise to the nation and noted that anyone found trying to exploit the data "would fall under the impact of Bulgarian law". Speaking of which, the NRA could face a data protection fine of up to 20 million euros (£18m).
There are no clear details as to how the hacker managed to gain access to the NRA's servers. But one could speculate it may have been down to vulnerabilities in the agency's online tax filing system and generally poor cybersecurity practices; this tends to be a bit of a theme in governments who tend to end up with large and complex legacy systems.
There have been bigger data breaches and hacks, but it's a pretty big deal for a whole nation's adult population to be compromised, especially when one considers that the data access contains names, addresses, and some details of personal income.
So yeah, if you're a Bulgarian reading this, then best keep an eye out for any fraudulent attempts made against your details. If you're an IT person working in a government agency, then this is a 'wake up and smell the coffee' moment to check the robustness of your cybersecurity.
If you're neither, then sit back, relax, and read about some new emojis. µ
Now you can watch documentaries about horribly disfigured people whenever you like
Brad to the bone
Being in a minority of one doesn't make you right
WeWork needs a rework