A 20-year-old infosec bod has been arrested in Bulgaria after most of the country's population had their personal and financial details stolen.
Local media reported (in Bulgarian, so get your translation hat on) that "more than 5 million" people's data – almost the entire adult population, according to Reuters, had been lifted from the Bulgarian tax service's database.
Bulgaria has a population of 7 million, according to the CIA Factbook. Snippets of the data were reportedly sent by the hackers to local media outlets – in much the same way as by the criminal who stole tens of thousands of people's personal data from British supermarket chain Morrison's.
The hacker's email said around 110 databases had been compromised, according to Reuters, which added that finance minister Vladislav Goranov said 3 per cent of the records of the Bulgarian tax agency, unfortunately abbreviated in English as NRA, had been accessed.
One newspaper, 24 Chasa, said it had been sent the details of 1.1 million people's national insurance numbers along with details of their income and healthcare arrangements, according to Reuters.
Security journalist Graham Cluley wrote a useful roundup that centres around the arrest of one Kristian Boykov, a researcher who works for infosec outfit TAD Group. In a (translated) statement the company said: "Christian is our 2017 official in the 'Cybersecurity Expert' position. As part of the company, Christian has always been ethical, professional and loyal to his work commitments, including our clients and the entire team."
Boykov, 20, is said to have worked with local police after discovering another data breach a few years ago. Reports of a local telly interview with his lawyers and the local country manager of TAD Group suggest they don't think Boykov was responsible for the data heist. Indeed, they suggest he might have been framed.
The investigation continues. Nobody has yet been charged. ®