Bulgaria’s government has confirmed hackers stole the financial data of millions of its citizens. One researcher told Reuters news service the breach may have compromised the personal records of nearly every adult taxpayer in the country.

Reuters reports the attack was carried out at the end of June and targeted servers in the NRA tax agency. A 20-year-old Bulgarian man – a worker in the tax agency - was arrested in connection with the hack. Government officials say the suspect was responsible for testing computer networks for vulnerabilities. The suspect’s attorney, however, claims there is a “complete lack of evidence” against his client.

The news service reports a person who claimed to be a Russian hacker emailed local media soon after the breach and offered access to the stolen data.

The writer described the government as corrupt, and said fellow hackers compromised more than 100 databases in the attack, including some holding confidential government administrative data.

Government Soft-Pedals Impact

The country’s finance minister claimed only 3 percent of the agency’s database was affected, but still compromising millions of records. Bulgaria has a total population of seven million. The minister stressed that the information wasn’t classified and didn’t affect the country’s financial stability.

A different picture, though, emerged from cyber security specialist Vesselin Bontchev, assistant professor at the Bulgarian Academy of Sciences. Bontchev told Reuters the scale of the attack was huge.

“To the best of my knowledge, this is the first publicly known major data breach in Bulgaria,” he said. “It is safe to say that the personal data of practically the whole Bulgarian adult population has been compromised.”

Bontchev’s assessment seemed to be carried out by the email author claiming to be one of the hackers. His email, sent from a Russian address, claimed more than five million Bulgarian and foreign citizens were compromised – as well as some Bulgarian companies.

Other cybersecurity experts in Bulgaria said the reason the attack was so successful appears not to be related to the skill of the hackers, but the poor security defenses at the nation’s tax agency.

Media speculation seemed to center around the country’s reputation for corruption as the underlying reason for the hack. The anti-graft organization Transparency International ranks Bulgaria as the most corrupt country in the European Union.

Besides possible investigations by the government’s national security council and local authorities, Reuters says Bulgaria plans to seek help from the European Union’s cybersecurity agency to audit its most sensitive systems.