* Personal records taken from National Revenue Agency
* 3% of tax agency database compromised – fin min
* Records offered to local media by purported hacker (Updates throughout, adds details, background)
By Angel Krasimirov and Tsvetelia Tsolova
SOFIA, July 16 (Reuters) – Hackers have stolen the personal and financial data of millions of Bulgarians by breaking into the tax agency’s systems, the government said on Tuesday.
The attack on Bulgaria’s National Revenue Agency (NRA) happened at the end of June, officials said, and came to light after a person claiming to be a Russian hacker contacted local media late on Monday offering access to the stolen data.
“We have compared 30% of the data that went public and we confirm that it is the information kept by the NRA,” said NRA spokesman Rosen Bachvarov.
Bulgarian Finance Minister Vladislav Goranov said about 3% of the NRA’s database was affected, involving millions of records in the nation of just 7 million people.
The leaked information was not classified and did not endanger financial stability, he added.
A leading Bulgarian newspaper, 24 Chasa, said one file emailed by the purported hacker had more than 1.1 million identification numbers with income, social security and healthcare figures.
“Maybe this is the first case in Bulgaria which is successful and a lot of personal data has been stolen,” Interior Minister Mladen Marinov told local bTV channel.
SECURITY COUNCIL MEETS
Officials said anti-cyber crime teams were still investigating the attack.
Bulgaria’s prime minister convened the national security council and all state institutions would be checked, Marinov said. Sofia also planned to seek help from the EU cyber security agency to fully audit its most sensitive systems.
In an email sent to Bulgarian media from a Russian email address and seen by Reuters, a person claimed to be the hacker and a Russian citizen with a Bulgarian wife.
There was no immediate comment from authorities in Moscow.
The email author said hackers had compromised more than 100 databases hosted on Finance Ministry servers and were offering some of them to journalists to investigate.
“Some of the compromised databases are from key Bulgarian administrations and contain critically confidential information,” the email said. “More than 5 million Bulgarian and foreign citizens as well as companies are affected.”
Bulgarian officials say they have indications the attack came from abroad, but did not elaborate. (Reporting by Angel Krasimirov and Tsvetelia Tsolova; Writing by Jack Stubbs; Editing by Andrew Cawthorne)