The biggest Bulgarian personal data breach has now been confirmed as a fact. There are 57 folders, containing in excess of 1000 files, which hackers sent to the media in Bulgaria on Monday, 15/07/2019. “Kapital”, a local news provider, appears to have received databases with more than a million entries containing various personal details such as addresses, names, and, in some cases, earnings. The reality of this leak has been confirmed by numerous reports, which found matching data across different journalistic sources.
It is a time of awakening to the seriousness of prevailing European data privacy and data protection legislation. The consequences of leaks and data mishandling are becoming more dire, but more obvious as well. Just in the last month we have witnessed data breach-related fines. Such sanctions were issued to British Airways (in excess of £180 million), to the Marriott Hotel Group (approximately £100 million), Haga Hospital (€460 000) and, even closer to home, UniCredit in Romania, which was fined in excess of €130 000. Now, with such a large amount of data being taken from the Bulgarian Revenue Agency, is the time for the local Data Protection Agency to set an example and underline the seriousness of dealing with, and mishandling, the data of European Citizens and Residents.
Naturally, this all raises one question: how does such a wide variety of large, certainly “serious” organizations get the “safe handling” of such data so very wrong? As long-time providers of cyber risk management services, our observations point to a lack of understanding of what cyber risk management should entail, leading to inadequate preparation of cyber safety and security measures and policies.