Bulgaria National Revenue Agency

The Bulgaria National Revenue Agency (NRA) serves as the central governmental body responsible for the administration and collection of national revenues in Bulgaria. Its core mandate involves the implementation of tax legislation, encompassing the assessment, collection, and enforcement of direct and indirect taxes. The agency's operational scope extends to managing customs duties and excise taxes, reflecting a broad responsibility for controlling the flow of goods and associated revenues across the country's borders. A notable aspect of its function is the integration and management of sensitive citizen data, which, as evidenced by a major security incident, includes not only comprehensive tax records but also information from interconnected systems such as health insurance and national employment agencies. This consolidation of financial and personal data across multiple public sectors positions the NRA as a critical hub within Bulgaria's governmental infrastructure, serving the entire population of citizens and businesses subject to national fiscal regulations.

The scale and critical nature of the NRA's data holdings were starkly revealed by a sophisticated cyberattack in July 2019. During this incident, an attacker successfully exfiltrated 110 databases from the agency's systems, totaling 21 gigabytes of information. The compromised data spanned the agency's core tax functions and extended into related national systems, including customs excise records, details from the national health insurance fund, and data from the employment agency. The perpetrator subsequently released a portion of this stolen information to Bulgarian media outlets, demonstrating the immediate and widespread societal impact of the breach. The attack precipitated swift political repercussions, with opposition parties calling for the resignation of the finance minister over perceived failures in governmental cybersecurity. The hacker's communications, which included taunting authorities and making false claims about prolonged access and Russian affiliations, further underscored the incident's complexity and the agency's vulnerability to advanced threats targeting its uniquely sensitive and aggregated national data repository.