Hacked Bulgarian Database Reaches Online Forums (Jul 22, 2019)
The database of Bulgaria's National Revenue Agency (NRA), which was compromised in late June 2019, is now being shared on hacking forums. Download links to the database have been shared by a data trader known as “Instakilla,” who is believed to be operating out of Bulgaria. The database contains 57 folders, 10.7 GB in size, and holds personal and financial information consistent with what Bulgarian newspapers reported receiving over the weekend. This includes Personally Identifiable Information (PII) and tax information, from both the NRA and from other government agencies who shared their data. In the meantime, the investigation into the NRA hack has advanced in Bulgaria. Bulgarian Interior Minister Mladen Marinov continues to push the idea that Russian hackers are behind the security breach.
Recommendation: PII and tax information should be protected with the utmost care, and only used with vendors and organizations that you trust to keep your information in compliance with the relevant standards. Regular monitoring of financial accounts in addition to identity protection and fraud prevention services can assist in identifying potential theft of data.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.