Five Million Bulgarians' Records Exposed in Breach

​Every working adult in Bulgaria had a rude awakening this month after news broke that the bank, salary, and social security details of five million Bulgarians had been stolen from the National Revenue Agency (NRA), the country’s tax agency, and made readily available online.

The alleged perpetrator, 20-year-old Kristian Boykov, was arrested last week and charged with committing a computer crime against critical infrastructure, but the charge was downgraded due to his young age, good character, and lack of a previous criminal record. Boykov could now face three years in jail on a charge of committing a crime against an information system, Business Insider reports.

The hack is Bulgaria’s biggest data breach, and the government is fining the NRA €20 million ($22.4 million) over it.

Boykov had previously hacked the Bulgarian education ministry’s website in 2017 to expose its vulnerabilities, acting as a white hat hacker hunting for weaknesses to be fixed, NPR reports.

Boykov and his lawyer reject the allegations of his involvement in the most recent hack. Police are not ruling out the potential of outside involvement in the breach.

Bulgarian Prime Minister Boyko Borisov called Boykov a “wizard” hacker and that the country should hire similar people to work for the state, NPR notes.

He’s not the only one looking to hire some cybersecurity “wizards.” According to a recent survey, the cybersecurity workforce gap increased to more than 2.9 million globally in 2018. Learn more about cybersecurity recruiting and workforce management in this July article from Security Management. ​