The scandal in Bulgaria about illicit use of personal data by some political parties to file election registration applications has highlighted the lack of security of official personal identity numbers.
Such numbers, commonly known by their Bulgarian abbreviation as EGNs, can be found on the internet, such as on lists of lawyers, business people and people in various professions whose data are – for one reason or another – posted online.
Media reports noted that data including not only the EGN but also the precise addresses of people in a number of professions can be found, in some cases requiring the downloading of a file but in others merely by following a link.
Speaking on April 16 2014 to public broadcaster Bulgarian National Television, mathematics professor Mihail Konstantinov said that there were about 100 companies in Bulgaria dealing with buying and selling of personal information.
With a note of irony, Konstantinov said that the information was “really nice personal data – where you work, how much you are paid, how much your apartment cost you, how many children you have and where they go to school”.
This information, he said, was used for all kinds of purposes – the more innocent, such as advertising, through to extortion or taking a person’s apartment or “whatever you want”.
“Currently, between half and a third of all personal data in Bulgaria is completely compromised,” Konstantinov said.
A major source of the leaking of personal information was the inadequacy in dealing with election-related documentation after elections.
Bags containing documentation that included the personal identity numbers of people were “stored in basements without any control. Anyone can go and take a bag or if they want, the lists,” he said.
The practice of illicit use of personal data was widespread and a lot of personal identity numbers had been sold a long time ago, Konstantinov said.
(Photo: Jakub Krechowicz/sxc.hu)