Mega Hack Exposes Entire Population's Data

Financial records of almost every adult in Bulgaria have been stolen in a cyber attack. It's led to the unlikely situation of the country's leader reportedly exaggerating the attacker's skills.

One man has been arrested following the attack, which looks to have involved unauthorized access to a database with records for every working adult in the country. That's almost five million people.

There's some debate over exactly what was involved in the breach. Press reports suggest it not only included personal information such as date of birth and address, but also tax declarations. Also included are leaked financial records, such as loans and payments for health insurance.

189 "At Biggest Risk"

The National Revenue Agency says the breached data was only "partial," so most people won't face any immediate threat such as losing property or having loans taken out in their name. It went on to say that 189 people are under a "greater risk of potential abuse," because the breached data in their case combines personal information and details of identification numbers and cards. (Source: nap.bg)

The Prime Minister of Bulgaria described the arrested man as a "wizard" when it comes to hacking skills and says the country needs to employ people with similar skills to work in cyber defenses. (Source: theguardian.com)

The man, who denies the accusations, has previously exposed flaws in another government department. He works for the Bulgarian office of TAD Group, an American cyber security company.

Fines May Not Be Deterrent

Critics says the Prime Minister's comments are a way of deflecting criticism and that the breach was down to lax security, rather than exceptional hacking skills. Business groups have previously questioned the security of the National Revenue Agency.

Data protection officials in Bulgaria say the agency could face a fine of up to 20 million euros ($22 million USD). That might not be a very effective punishment, given that the agency is a government department which is not designed to make a profit.

Security experts in the US note that the type of data collected by tax agencies is particularly sensitive because it could be useful to attackers for many years. That's because, unlike passwords that can be changed, home addresses will be the same for a long time and dates of birth will never change. (Source: cnn.com)

What's Your Opinion?

Do you worry about cyber security in the government agencies that you have to deal with? Can you imagine a similar attack in your country? How can governments ensure security among agencies given that financial penalties may be counterproductive?