What should I do if the enquiry shows that my personal data has been illegally disclosed?
Dear clients,
If you have made an enquiry and it shows that your personal data has been unlawfully disclosed, it is important for you to know that you do not need to take extraordinary action.
You do not need to change your identity documents.
There is no immediate risk that someone will dispose of your property or assume obligations on your behalf because of the unlawfully disclosed data. This has been confirmed by the Chamber of Notaries, the banks, the fast loans and leasing companies, and the Registry Agency.
We advise you to be cautious when contacted by telephone or by e-mail and give no financial information to anyone.
For further security, you can change the password of your email account and the NRA generated personal identification code (PIC).
What concrete data on me have been leaked?
It is important to know that the unlawfully disclosed data is partial and does not allow for anyone to navigate through your overall assets.
We are currently comparing the illegally disclosed tax and social security information with that in our real databases, in order to check whether published data has been supplemented or tempered with.
Once we have done this, we will also be able to provide information on the specific type of data that has been disclosed.
Until then, it is sufficient to read the NRA’s recommendations in relation to personal data at https://nap.bg/en/document?id=418.
__________________________________________________
NRA: We are currently comparing the unlawfully disseminated information with the real databases
Most of the disclosed information concerns 189 persons, the revenue agency will contact them personally.
There is no need for nearly 4 million Bulgarians whose data has been unlawfully disclosed to change their identity documents. Practical advice for them will be published on NRA’s website by the end of day on 24.07.2019.
After further inspections, it was found that the last week illegally disseminated data of 189 persons included a combination of names, Personal Identification Number, address, number, validity and issuer of a valid ID card. For these citizens there is a greater risk of potential abuse and they will be personally informed by the National Revenue Agency immediately by telephone or e-mail.
The NRA reports that the application for verification of illegally distributed personal data will work by means of Personal Identification Number and will send the results of the data processing to a mobile phone number introduced by the user. The check will be one-off – for one person only and will only answer whether there has been unlawfully disclosed information. This is necessary to ensure that there will be no misuse of personal data, NRA complements.
The Agency is currently comparing the unlawfully disseminated tax and social security information with the information in the real databases to check whether there is overwriting or manipulation, the revenue authority announced. After completion of the inspections, the Agency will be able to provide persons with additional information about the particular type of data that has been disseminated.
Updated on 9 August 2019
On 15 July 2019, it was found that there had been an unauthorized access to about 3% of the information contained in NRA’s databases.
Which natural persons have been affected?
Information about 5.1 million Bulgarian citizens has been affected, about 4 million of them being actual citizens, the others are deceased.
What information about natural persons and legal entities has become available?
Personal data and tax and social security information about domestic and foreign individuals and legal entities have been unlawfully leaked.
It is important to know that this is not all the information available to the National Revenue Agency for a specific natural or legal person, but only partial information, which needs further processing in order to be used. Nevertheless, sensitive data for many Bulgarian and foreign persons has become publicly available.
The unlawfully distributed information may contain any of the following data:
Tax and social security information, such as:
Data from the international automatic tax information exchange regarding Bulgarian and foreign persons
How do I find out if my data has been leaked?
The application where you will be able to check whether your personal data has been leaked is available at https://check.nra.bg. For security reasons, the information in the app is accessible after entering the Personal Identification Number and a single-use code sent to the telephone number indicated in the request.
What measures has the National Revenue Agency undertaken?
We assure you that the Agency has taken all the necessary measures to ensure that the security of its information systems is improved. We reiterate our apologies for the situation created.