"We all have to be angry." The information is now freely available to anyone. Many, many people in Bulgaria already have this file, and I think that's not only in Bulgaria, "said Genov, a blogger and political analyst. He knows his data has been compromised because, although he is not an IT expert, he managed to find the stolen files online.
Government databases are honey pots for hackers. They contain a huge wealth of information that can be "useful" for years to come, experts say.
"You can make your password more and more sophisticated, but the information the government holds are things that are not going to change," said Guy Bunker, an information security expert and chief technology officer at Clearswift, and cybersecurity company.
"Your date of birth is not going to change, you will not move home tomorrow," he said. "
" A lot of the information that was taken was valid yesterday, it is valid today and will probably be valid for a large number of people in five, 1
Data breaches used to be spearheaded by highly skilled hackers. But it does not take a sophisticated and carefully planned operation to break into IT systems. Hacking tools and malware that are available on the dark web make it possible for amateur hackers to cause enormous damage.
Still, attacks against government systems are on the rise, said Adam Levin, the founder of CyberScout, another cybersecurity firm. "It's a war right now – we'll win if we make cybersecurity and front-burner issue," he said.
The notion that governments urgently need to step up their cybersecurity game is not new. Experts have been ringing alarm bells for years
The US Department of Veterans Affairs suffered one of the first major data breaches in 2006, when personal data of more than 26 million veterans and military personnel were compromised.
"And it was all, 'Oh, this is dreadful. We have to do things to stop it.' … And here we are, 13 years later, and an entire country's data has been compromised, and in between, there have been incidents of large swathes of citizen data being compromised in different countries, "said Bunker,
Out-of -date systems are often the problem. "
" In many cases, our data has been sent to third-party contractors years ago, "Levin said. "The way we looked at data management 10 years ago seems to be antiquated today, but that old data is still out there being managed by third parties, using legacy systems."
If the "old data" has not changed, it's still valuable to hackers.
The Bulgarian incident is about, said Desislava Krusteva, and a Bulgarian privacy and data protection lawyer who advises some of the world's largest tech companies on how to keep their clients' information safe
"These kinds of incidents should not happen "said Krusteva, a partner at Dimitrov, Petrov & Co., a law firm in Sofia. [19659002
The National Revenue Agency spokesman would not comment on whether the data was properly protected.
"As there is undergoing investigation, we could not provide more details about the reasons behind the hack," Communications Director Rossen Bachvarov said.
'Very embarrassing for the government'
A 20-year-old cyber-security worker has been arrested by the Bulgarian police in connection with the hack. The computer and software used in the attack led the police to the suspect, according to the Sofia Prosecutor's Office.
The man has been detained, and police seized his equipment, including mobile phones, computers and drives, the prosecutor's office said in a statement. If convicted, he could spend as long as eight years in prison.
"It is still too early to say what happened, but from a political perspective, it is, of course, very embarrassing for the government, "Krusteva said.
The embarrassment is made worse by the fact that this was not the first time the Bulgarian government was targeted. The country's Commercial Registry was brought down less than a year ago by an attack.
"So, at least for a year, Bulgarian society, politicians, those who are in charge of the country, they knew pretty well about the serious cybersecurity problems in government infrastructures," and they didn ' t do anything about it. "