Millions of people’s personal data may have leaked when Bulgaria’s tax authorities were hacked. It was discovered this week. IT security consultant Siren Hofvander tells Ekot that it is only a matter of time before something similar happens in Sweden.
On Monday, an email came to Bulgarian media from a Russian email address. The sender wrote that he or she, several months before, reached a large amount of information about Bulgarian nationals from the country’s tax authority, NRA.
The sender criticized the IT security of the Bulgarian authorities, and called it parodic.
Experts estimate that it can affect as many as five million people in the country who are affected. According to the media, the sensitive information is in the hacker forum.
A cybersecurity expert accused of hacking the data of more than 5 million Bulgarian taxpayers was released by police Wednesday after his charges were downgraded.
Kristian Boykov, a 20-year-old Bulgarian cybersecurity worker, was arrested in Bulgaria’s capital Sofia last week in connection to the breach. Police raided his home and seized computers and mobile devices with encrypted information. The hacker was found by police through the computer and software used in the attack, according to the Sofia prosecutor’s office.
Due to his work, which involves testing computer networks for potential vulnerabilities, some believe Boykov is a “white hat hacker” — a hacker that breaks into computer networks to expose vulnerabilities and push for the weaknesses to be fixed.
He has made news in Bulgaria before. In 2017, he hacked the Bulgarian education ministry’s website to expose its vulnerabilities. In a television interview, he described the work as “fulfilling my civic duty.”
Sofia prosecutors claim they tracked one of the stolen files from the latest data breach to a username used by Boykov. Boykov and his lawyer reject the allegations against him and say he was not involved in the incident.
The Bulgarian authorities have apologized for the leak and insisted on the number of sufferers being significantly fewer than five million, rather 3 percent of the country’s population.
They have also said that the person was a “hacking wizard”, but experts have said that the method used by the person is fairly basic and that it is rather about poor IT security.
Siren Hofvander , IT security consultant at Cybercom, believes that the discussion on IT security often focuses on “elite hackers” rather than security systems, where there are often shortcomings.
She also believes that it is likely that something similar will happen in Sweden:
– You always think that it is much more complex systems, but this is a password that could break, so I suspect that this will happen more in the future and that it is only a matter of time when it happens in Sweden, unfortunately.