Bulgaria’s National Revenue Agency said on July 15 that it was checking, along with the specialised units of the Interior Ministry and State Agency for National Security, a “potential weakness” in its computer systems.
The check comes after several Bulgarian media received emails earlier in the day, with data allegedly lifted from the Bulgarian Finance Ministry’s servers.
In a terse statement on its website, the agency said that it was investigating whether the data was “real” and that it would provide additional information later.
News website Mediapool reported that the email came from an address registered with Russian mail provider Yandex and contained 57 folders with files that contained people’s names, personal identification numbers (known by their Bulgarian abbreviation EGN) and, in some cases, personal income. Some data was older and some more recent, the report said.
Newspaper 24 Chassa said that one file had more than 1.1 million EGN numbers with monthly income figures, as well as social security and healthcare contributions.
Both reports said that the email contained a claim that a total of 110 “confidential databases” had been “compromised”, but the email contained access to only 57 of them.
The two reports quoted the email saying that more than five million Bulgarians and foreigners were affected by the alleged leak.
“Your government is mentally retarded. The state of your cybersecurity is a parody,” the two reports quoted the email as saying.