The head of Bulgaria’s National Revenue Agency Galya Dimitrova said on July 31 that she sacked the agency’s two senior IT officials after , but did not intend to submit her own resignation after the data breach in which the personal data of more than four million people was stolen.
Talking to reporters just hours before she was scheduled to take part in the first hearing held by the ad hoc Parliamentary committee tasked with investigating the breach, Dimitrova said that the agency’s cybersecurity was lacking.
“I admit we were not careful enough. Our drive was to offer an increasing number of electronic services, but we underestimated the balance between access and security,” she said, as quoted by Bulgarian National Radio (BNR).
Dimitrova said that Finance Minister Vladislav Goranov has not asked for her resignation: “What he wants is solutions, not resignation.”
She made headlines earlier this week when, speaking to a local TV station, she said that she had made “a difficult, but calculated decision” not to interrupt her holiday when the data breach became public. Pressed to give her reasoning, she declined to give any details.
Dimitrova said that the agency was working on revamping its IT systems architecture and an external company was hired to audit the existing infrastructure, BNR reported. She also suggested that the cybersecurity of the agency’s systems should be outsourced to an external contractor.
The data breach was reported on July 15 after several Bulgarian media were sent emails with data allegedly lifted from the Bulgarian Finance Ministry’s servers. A day later, officials confirmed that the data was genuine.
The tax agency has since said that only the data of 189 people was compromised to an extent that would make them more susceptible to “potential fraud.”
Last week, the prosecutor’s office said that it pressed new cyber-terrorism charges against three people in its investigation into the data breach.
(Dimitrova speaks to reporters on July 31. Screengrab from Bulgarian National Television)