The system of Bulgaria’s National Revenue Agency (NRA) was hacked in this June. The financial data of almost all taxpayers in the country was found to be stolen by hackers. The incident becomes the country's largest ever data breach. According to reports, the attack was happened through the vulnerability in the VAT refund system and affected about 3% of the agency’s database, involving records of more than 5 million Bulgarians. Compromised data includes names, national IDs, addresses, personal income, tax records, and even medical records. The incident was not revealed until 15th July when the local media received the email from hackers.
It was not the first time the Bulgarian government was targeted. The country's Commercial Registry system was attacked by hackers one year ago. The incident revealed the government lacks of cybersecurity awareness and did not strengthen their information security measures, resulting the large scale of data breach within one year of last cyberattack.
The cyberattack is extraordinary, but it is not unique. It will happen in any organization. As long as the data is stored in a system which connects to the network, there may be potential of cyberattack risk and infringement of personal data privacy issues.
To ensure information security, enterprises must first navigate the laws and regulations established by local governments for data privacy. For commercial activities in EU and China, businesses must comply with the EU General Data Protection Regulation (GDPR) and China’s Cybersecurity Law respectively. Moreover, appropriate data processing and storage procedures should be established to ensure compliance. To mitigate cyber threats, enterprises should also assess security vulnerabilities and potential risks at their systems from time to time with effective security measures.
CITIC Telecom CPC provides one-stop shop information security managed services to protect enterprises from cyber threats. Contact our security consultants now for a free consultation today!
Külastate meie veebisaiti