Bulgaria’s National Revenue Agency said on July 24 that it would contact the 189 people that were affected the most by the data breach made public last week, but there was no need for “nearly four million Bulgarians”, whose personal data was leaked, to get new ID.
The agency said that the data about the 189 individuals in question included their names, personal identification numbers (known by their Bulgarian abbreviation EGN), address, card number and issuing authority, which made them more susceptible to “potential fraud.”
They would be “contacted personally by the National Revenue Agency right away by phone or email,” the agency said.
The agency also plans to allow taxpayers to check whether their personal data was leaked. The application would allow only one check to prevent abuse and would be based on the EGN identification number, with information sent to a phone number provided by the user. This will tell users only whether their data was leaked, but not which information was included.
In its statement, the agency said that it was still checking whether the leaked data did not include “additions or manipulations”, compared to the information in its own databases.
Also on July 24, public broadcaster Bulgarian National Radio (BNR) reported that the investigation of the data breach had been transferred from the Sofia city prosecutor’s office to the specialised prosecutor’s office, whose remit includes organised crime cases.
BNR also reported that police detained in custody for 24 hours a second person in relation to the investigation.
The first person, detained last week, has been since identified as Kristian Boikov, a 20-year-old employed by a cybersecurity company. He was released from custody last week and has denied the accusations, saying he was set up.
The second person detained was an employee of the same company that employed Boikov, BNR said.
Although the initial prosecutor’s office statement last week said that Boikov’s alleged actions were unrelated to the company’s activity, deputy prosecutor-general Ivan Geshev told Bulgarian National Television on July 23 that prosecutors’ leading avenue of investigation was that the company’s “main activity was possibly cyber extortion.”